Skip to main content
Butter bar
Protect your organization with our weekly risk intelligence brief

TalkTalk crisis – Lessons to be learned

The TalkTalk Crisis – Lessons to be learned?


Following the “significant and sustained cyber-attack” on the TalkTalk website, news of which broke on Thursday evening, we took a look at the role of critical communications during the heat of the crisis and how improvements in this area can play a role in limiting consequences when disaster strikes.


The internet and telecoms provider, which has over four million UK customers, broke the news late on 22 October, saying that potentially all customers were at risk from the attack after admitting that customer data, not all of which was encrypted, had been compromised. Potentially stolen data includes; names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information and credit card and bank details. Despite a belief that only incomplete bank and credit details had been stolen, meaning that cybercriminals wouldn’t be able to use the stolen information for financial transactions, many TalkTalk customers are reporting suspicious activity and even cleared bank accounts.


Potentially it could affect all of our customers, which is why we are contacting them all by email and we will also write to them as well.” – TalkTalk chief executive Dido Harding


TalkTalk has been credited for a quick response in some quarters, with chief executive Dido Harding ubiquitous across all media in the aftermath. However, the response was not quick enough, or perhaps effective enough, to prevent drastic consequences for some customers. TalkTalk advised customers to change passwords and report suspicious activity on their bank accounts to the UK’s national fraud and internet crime reporting centre. However, a number of news sources have reported stories of affected customers since the story broke, including those who had their bank accounts cleared and even left overdrawn. One TalkTalk customer stated, “I have not received a single piece of correspondence. The level of information is lacking. TalkTalk’s online advice is not proportionate to what has happened. Telling customers to “keep an eye on accounts” just does not cut it in terms of advice.”


Communication is a Two-Way Process

These reports highlight the issue of communication and TalkTalk’s crisis response has to be analysed as much as its potential security failings (it is the ISPs third breach in 2015). Many of these cases appear to be victims receiving phone calls from criminals equipped with enough account details to convince them to hand over bank details. Customers lost thousands of pounds following a data breach in February by falling prey to similar scams, in some cases customers were taken in by an offer of compensation.


In such situations, criminals will act fast to seize their moment of opportunity, and an organisation must be prepared to act decisively during an incident to ensure the protection of stakeholder’s information and interests. Communication is always a two-way process and communicating the right message at the right time is worthless if not acted upon when received.


Consider instead a prompt, detailed, automated multi-modal IT crisis notification and response, detailing the situation, potential consequences and urgent actions, and the effect this type of response could have made on the unfortunate consequences for many TalkTalk customers. The Everbridge suite and IT Alerting solution offers a multi-modal notification via text, email, phone, etc. until it is confirmed that the information has been received by the customer.


For more details of Everbridge products, and how they can help your business visit

Request a Demo