As I write this, the TalkTalk hacking drama – which was all over the headlines this morning – is literally unfolding in real time. Dido Harding, chief executive of TalkTalk, went on BBC TV News yesterday evening to say she was “very sorry” for the disruption caused by a cyber attack which could mean that hackers have access to the personal details – including names, addresses, telephone numbers, credit card information and bank details – of its 4 million customers. It seems none of this information was encrypted.
Early reports suggested the perpetrators of the attack could be a Russian Islamist group, which had posted online to claim responsibility, although this had not been investigated or verified. There was also speculation that this could be an extortion attempt, with ransoms demanded in bitcoins. Either way, the fact that their personal data was not secure will be of concern to TalkTalk’s customers – and it’s certainly a concern to the stock market: TalkTalk’s share price dropped by 11% on the day the news broke, although it has since made a partial recovery.
By lunchtime on Friday 23 October, Dido Harding was on BBC News again to say that she had personally been approached by “someone purporting to be the hacker looking for money,” although she didn’t know whether the ransom email was genuine.
Bound by the fact that this is now the subject of a criminal investigation, Ms Harding seems to be doing all she can to update the public under very difficult circumstances. Earlier in the day, she had been at pains to emphasise that TalkTalk would be providing every one of its customers with a year’s free credit monitoring, although she was unable to confirm whether they would also be eligible for any compensation.
According to Rory Cellan-Jones, the BBC’s technology correspondent, the cost to TalkTalk’s reputation is likely to be very serious because “it is going to have to reassure its customers that its security practices are robust enough to regain their trust.” So, although the TalkTalk website is now secure again and its TV, broadband, mobile and phone services were unaffected by the attack, its reputation may be fatally wounded.
We seem to be in the midst of a wave of crises for big corporates, with the VW emissions scandal hitting the headlines just a few weeks ago. TalkTalk is particularly vulnerable now, having suffered two similar (although unrelated) hacking attacks in the past 12 months. In August, the company revealed that its mobile sales site had suffered a breach of personal data, and in February it warned customers about scammers who had stolen thousands of account numbers and names.
Despite the best efforts of Ms Harding to work with the media to ensure clarity and transparency, this could be a breach too far for TalkTalk. Yet cyber crime is something that can affect any organisation at any time. And every time you see a beleaguered chief executive earnestly telling the public that they’re doing everything they can to put things right, you can’t help wonder how you’d react if this were happening to your company.
If you’d like to review your company’s crisis communications plan and get the inside track on how to work with the media to get your messages across, why not consider our crisis communications workshop? After all, as we’ve seen time after time just recently, it helps to be prepared. To find out more simply email Emily to express your interest in the workshop.