TalkTalk data breach response is “bare minimum” for customersby
TalkTalk is experiencing a week from hell, if the level of media attention surrounding the UK mobile network provider is anything to go by.
Following a third data breach of the year, this time a cyber-attack of its website which has left around 4m customers having their personal and financial details compromised by hackers, the company has been accused of taking a scattergun approach to fighting the growing feeling of contempt towards it and its CEO, Dido Harding, as a result of the attack.
Harding has herself been on a crusade over the last few days to try and make amends for what has gone wrong, but in the process, has revealed a number of insights into the company’s inability to protect its customers sufficiently.
According to Marketing, this included confessing that she was “uncertain about the technical nature of the attack” and “did not know how much of the stolen data was encrypted”.
And the Independent also states that data security was not a priority for TalkTalk at all, with Harding being quoted as saying, "with the benefit of hindsight, were we doing enough? Well, you’ve got to say that we weren’t.”
But while the breach is undeniably a critical one for the telco it is by no means in isolation, with 81% of large organisations (and 60% of SMEs) suffering data breaches each year, and the cost of a data breach for a large organisation averaging betweek £600K to £1.15M (and between £60K and £115K for an SME). So why has TalkTalk’s hack been met with such disdain? Which executive director, Richard Lloyd says it comes down to the approach the company has taken to serving its customers in the direct aftermath of the event becoming public knowledge:
“This is the bare minimum from TalkTalk, who should look at all the ways customers could lose out from having their data compromised. TalkTalk must treat their customers fairly by letting those affected leave their contracts without penalty and consider offering appropriate compensation.”
Harding has subsequently gone on record to confirm that the company will indeed offer termination of contract without penalty (see video below), however, she also added that this would be done “on a case by case basis”, suggesting that the company was unlikely to offer get-out clauses to those affected as quickly as Lloyd has recommended.
And Simon Mullis, global technical lead at the security firm FireEye, told the Guardian that TalkTalk had made a catastrophic error by failing to recognise the importance of data security as a vital part of standard customer care:
“Security is no longer an IT problem, it’s a business issue, as the way in which a company responds to such an attack can have a huge impact on its stakeholder value. It’s therefore imperative that executives have a firm plan in place to recover from data breaches when they occur, as their company’s value swings in the balance.”
TalkTalk’s call centre was ranked among the three UK customers most “dread calling” in a survey conducted in May, and its response to the current data breach has been likened to that of infamous adultery website Ashley Madison, who delivered an equally disconnected response to its customers in the wake of a similar-sized data breach of its own, back in July.
Chris is Editor of MyCustomer. He is a practiced editor, having worked as a copywriter for creative agency, Stranger Collective from 2009 to 2011 and subsequently as a journalist covering technology, marketing and customer service from 2011-2014 as editor of Business Cloud News. He joined MyCustomer in 2014.