There was utter panic when an unauthorized user broke into the website of the British telecoms and broadband company TalkTalk this week. The hacker stole the bank details of up to 4 million individual customers, past and present.
A ransom demand was sent to the broadband provider by someone claiming to be responsible and seeking payment.
The attack proved to be deeply embarrassing and financially painful for the company concerned.
The company's response to the attack, which exploited a weakness in SQL, the language used to communicate with its databases, was a textbook how-not-to.
When the BBC asked CEO Dido Harding if customers’ details had been encrypted (converted into code only crackable by those with the key), she was humiliated, replying, “The awful truth is, I don’t know.”
Twenty-five percent has been wiped off the value of the company since the debacle began as traders dumped the stock.
Speculation as to who could have been responsible was rife: Fingers were pointed at everybody from gangs of Russian criminals to Chinese government agencies, although the question of why the Chinese would make such a sally in the week that the president of China, Xi Jinping, had been treated to a glittering reception in the U.K. remained hanging.
It was all set to go down as one of the biggest and most brazen attacks in the history of British cybercrime.