TalkTalk cyber attack: Company accused of cover-up following reports customers targeted a week before hack announced
Customers have reported attacks on their home computers as well as scam calls by thieves who knew their names and account details
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.TalkTalk is facing accusations of a "cover-up" over one of the largest cyber hacks in British history, after claims emerged from customers who say they were targeted by scams almost a week before the company went public about the attack.
On Thursday, the company announced that millions of customers had their credit card and bank details stolen, during what it said was a "significant and sustained cyber attack".
However, as early as Friday the previous week, customers suffered attacks on their home computers as well as scam calls by thieves who knew their names and account details, The Telegraph reports.
Keith Vaz, chairman of the cross-party home affairs select committee, alleged evidence was beginning to emerge that TalkTalk had covered up the true scale of the "alarming and unacceptable" crime.
The company released a statement denying a cover up, saying the accusation was "deeply unfair".
The Guardian features an interview with a man who said he nearly fell victim to a "very convincing scam" on Wednesday morning – more than 24 hours before TalkTalk's announcement – in which perpetrators hijacked his internet connection and then telephoned him pretending to be from TalkTalk support.
"They had all the details you would expect TalkTalk to have at hand, including name, address, phone number and TalkTalk account number," he said.
This suggests customers were targeted by criminals days before the telecoms company admitted the data of up to four million of its subscribers was stolen.
TalkTalk has since received a ransom demand from someone claiming to be responsible for the cyber attack.
A message was posted online to the Pastebin website claiming the attack was the work of a Russian-based team of Islamic extremists.
TalkTalk has been heavily criticised after leaving customers' data unencrypted, meaning the information will now be easy for anyone who finds it to see.
The attack is the third to hit the company this year.
Encryption is one of the most basic security methods recommended to companies, since it means that only those with a key can actually see the documents, so stealing them can be useless.
Each attack saw customers' personal data breached and then apparently sold on to criminals, who used the easy access to attempt to scam those on the list.
Responding to The Telegraph's report, a TalkTalk spokesperson said: “We haven’t been covering up anything.
“We went public with this within 36 hours. It’s not easy to go much quicker.
“We cannot be accused of trying to hide the scale of this. That is deeply unfair.”
The Metropolitan Police Cyber Crime Unit is investigating the allegation of data theft, which was reported on Wednesday, 21 October.
Detective Superintendent, Jayne Snellgrove of the Cyber Crime Unit said: "TalkTalk have done everything right in bringing this matter to our attention as soon as possible.
"The Met has one of the largest cyber crime and fraud teams in Europe, with up to 500 specialist officers dedicated to tackling this sort of offence.
"Our success relies on businesses being open with us and each other about the threats they encounter.
"This case is just one example of the new generation of criminality my team are dedicated to tackling. We continue to lead on this investigation but are working with the National Crime Agency (NCA).
"Operation Falcon sees a more focused and joined-up approach by the MPS, the business industry and other law enforcement agencies to ensure that we quickly identify the issue - in this case alleged data fraud - and immediately set about working to protect the public, designing out the crime and arresting the culprits."
Following the hack, the company said any customers who notice unusual activity on their accounts should contact their bank and Action Fraud, the UK's national fraud and internet crime reporting centre.
They have also been urged to change their TalkTalk account passwords and the passwords of any other accounts which use the same passwords.
Have you been affected by the TalkTalk cyber attack? Email us at talktalk@independent.co.uk or tweet us @Independent to tell us your story
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.