Data theft at British provider TalkTalk took place via SQL injection




The hack at the British provider TalkTalk was possible because the attackers performed an SQL injection on an old web page. That old page came to the provider through its acquisition of the UK arm of Tiscali in 2009.

The SQL injection was possible in part because the database was outdated and the vendor no longer even supported that version of the software, writes the British regulator ICO. The SQL injection was possible on three websites that were linked to the database that formerly belonged to Tiscali. There had already been two earlier hacking attempts in October last year, but the provider had not noticed them. That was because TalkTalk did not monitor the pages.

The attack was easily preventable with proper security measures, says the ICO. It therefore considers that TalkTalk did not comply with its legal obligation to secure user data and ordered the provider to pay a fine of 400,000 pounds sterling, currently approximately 455,000 euros. In the Netherlands, such a fine has also been possible since this year for neglecting security with the theft of customer data as a result.

In the hack that hit TalkTalk last October, data from approximately 150,000 customers was stolen. This possibly concerns data such as phone numbers, email addresses and bank details. The three suspects arrested by police could face imprisonment. After the hack, TalkTalk lost tens of millions of pounds in costs and 95,000 customers.

