/ Money, Technology

Update: TalkTalk offers compensation for data breach – but is it enough?

TalkTalk logo

After being hit by a cyber-attack that saw hackers access the details of thousands of its customers, TalkTalk has come out with an offer of compensation. But is it enough?

TalkTalk has today said it will take a hit of up to £35m after last month’s data breach. The attack saw the details of 156,959 customers (including names, emails and phone numbers) and 15,656 bank account numbers accessed by hackers.

Compensation for TalkTalk customers

The telecoms company previously offered 12 months of free credit monitoring alerts. But for customers who wanted leave, TalkTalk said it would only waive termination fees for customers who had had money stolen directly from their account.

Quite frankly, that was the bare minimum. We’ve previously said that all affected customers should be able to leave their contract without penalty, and that TalkTalk should consider offering appropriate compensation.

And on that final point, TalkTalk has today announced an offer of free upgrades for its customers (without any additional commitments).

TalkTalk’s chief exec Dido Harding said:

‘In recognition of the unavoidable uncertainty, and because we know that doing what is right for our customers will ensure the best possible outcome for the company over the longer term, we are today announcing the offer of a choice of free upgraded services to all our customers.’

Free upgrades for TalkTalk customers

So what’s on offer? You’ll be able to add one of the following to your existing service: TV content including movies and sports; a mobile SIM with free texts, data and calls; unlimited UK landline and mobile calls; or a broadband health check.

The upgrades are open to all of TalkTalk’s customers, not just those affected by the hack, from 1 December.

The question is – do you think this is enough? Is a TV, mobile or landline package upgrade enough to appease you after TalkTalk’s data breach? Are you a customer that’s seriously considering leaving, or are you happy with how TalkTalk has dealt with the cyber-attack?

Do you think that TalkTalk's compensation offer is enough for its customers?

No (83%, 4,254 Votes)

Yes (10%, 529 Votes)

Don't know (7%, 345 Votes)

Total Voters: 5,128

Loading ... Loading ...

Update: 6 October 2016

The Information Commissioner’s Office (ICO) has issued a record £400,000 fine to TalkTalk for its failure to protect customer data, after its data breach last October.

According to the ICO, security failings by TalkTalk allowed a hacker to access customer data ‘with ease’. The investigation by the ICO found that customer data was taken from a database that was inherited when TalkTalk acquired Tiscali in 2009. The attacker targeted three vulnerable webpages allowing customers names, address, dates of birth, phone numbers, email address, as well as some 15,000 bank account details and sort codes.

Our Managing Director of Home & Legal Services, Alex Neill, said:

‘It is right that the ICO has slapped this record fine on TalkTalk for failing to protect their customers’ data. However, this will be cold comfort for TalkTalk customers who suffered at the hands of this breach and feel they haven’t been treated fairly. Businesses must do more to help individuals affected by data breaches.’

Do you think that TalkTalk’s £400,000 fine accurately reflects the loss of over 150,000 people’s data including over 15,000 bank account details?

Comments

Upgrade or the option to leave without penalty is the only acceptable offering.

Anything less is just not adequate. This is not a one-off security breach for TalkTalk and if people feel insecure then they should be free to leave. With of course the 12 month monitoring package included.

Please understand two weeks messed around with TV when I started with you a few months ago. Philippines every time I rang..flowed off
No UK team at all. Then when I joined talk talk. A lady member of your team in Philippines offered me a deal then two weeks later a rang me TV was playing up. Could watch a film and turned of f half way threw. Then I had to connect all wiring.
As when the man who did come to me home to fit he did then you turned it off your side in Philippines. Why?
Promised my bills are only 27 quid turned into more money. I was mentioned to be on a deal as the team lady member should have sorted when I joined talk talk
You’ve messed me around over amonth so naw I want rebating 25 connection fee
I did it. And losing previous channels while your Philippines were trying to sort. Not my problem. Your mess I’m a customer and you’ve not done as a contract says. I’ll stay if I am one of thouse who get free channels for a year ect.. I was with sky 5 years I was hoping 5 years with you as sky were loyal.
And you’ve not stuck to deal at first. And took money while TV wasn’t working
Were are the team in UK too? If need home people not just the Philippines.

I am less than satisfied with Talk Talk. My broadband connection is consistently poor. Each time I complain I am referred to the online Help facility. Their technicians are good and do fix my broadband temporarily. They also have to absorb my irritability with the service. I am still with Talk Talk because I have one of their You View boxes that is good, in fact it is the only good thing about Talk Talk. If I leave them they will block the box. The price has gone up several times since I switched to them. I did not lose money in the cyber attack but my connection is worse than ever. I think that people who are worried about security with Talk Talk should be able to leave without penalty.

Grahame Rees says:
13 November 2015

I’m with Tesco BB and TalkTalk has bought them out, my contract runs out with Tesco on 22nd December and we should all be transferred over by February, Iv told Tesco that I do not want my details past over to TalkTalk and I am looking for a good/great deals at the moment and transfer over to a new provide after the 22nd November, within my 30 days notice, I asked Tesco BB just after the last TalkTalk data breach if I could cancel my subscription and they told me I could but it would cost me, so you v got to wait till I’m in the 30 days zone of the end of my contract with Tesco BB

You are in a contract so why are you complaining?? As in any other contract you want to break you have to compensate the contractor for loss of contracted business. A fair one!!

TalkTalk broke that contract by not safeguarding their customer’s personal data.

I joined talk talk a few months back and your TV channels were not right as a member of your team was gonna give me a package were I got line rental and calls all time. Then me TV as I was on your package two weeks latter you’d put me on a package were I didn’t have the deal I was promist. As then I only could talk to team in Philippines. Why? Then me bill twice were rong. Then your manager a payment or two latter gave me my deal.then when also put connection to tv
U switched of TV funny over a week you did the damage. Your member comes to home fitted it well. Then you on your side mess alk channels then I had to do it myself. 25 quid I did it. I lost TV for two weeks then messed around Philippines. With staff. Who could say why what was wrong. Where was UK team managers. You can give me a deal as am not just been most about. It’s not nice watching a film and your TV just stops a week or two.
Please understand you’ve messed me around charged TV I never saw.

Graham says:
11 November 2015

At present, I’m very disappointed with TalkTalk. Been with them for years. I’ve recently upgraded my package from standard broadband to fibre but haven’t really seen any difference in speed. I’m still trying to work out how I am now on fibre when the new box just plugged straight into my phone line.
Since the attack on Talk Talk, I’ve been plagued by e-mails from a few so called companies which just say – message for me and is a link to click on. I receive my emails using Incredimail and I keep blocking them. However they persist by having a newname before the @. I am getting pi**ed off with them.

I’ve had emails and letters from Talk Talk explaining the big picture of what has happened but not once had any communication from them to ask if I’ve been affected in any way. Also I can’t see anywhere on their website to report the email problem.

I think they should just make their prices cheaper for customers if they want to keep them.

This comment was removed at the request of the user

Did you keep a copy?

This comment was removed at the request of the user

Hi Duncan, thanks for your comments. To introduce myself I joined Which? on Monday and I work with Patrick on Which? Conversation. I’m sorry that we couldn’t publish your comment about the owners of TalkTalk. The conversation is around the topic of compensation for customers, so we didn’t feel that your comment was strictly related to this particular thread. I appreciate that you spent time gathering that information – if you fancy sharing it with us feel free to pop it in an email ☺️

Lauren and Patrick
It is always a concern when moderators start to delete posts and thinking about it I think I can offer you a solution if you think it is off-topic.

Simply note that a deletion has been made and store and link that deletion so the curious can see what you felt compelled to remove. If it was felt by members to be unjustified then you will be able to tune your monitoring role to those who post and read – and therefore make up the community.

I have no concerns over editors and moderators deleting posts if they consider they breach the commenting guidelines or are way out of scope.

We are told the deleted post relates to the ownership of Talk Talk which is the company under discussion. I cannot easily see that is way out of scope or breaches community guidelines.

However John if you can make a case where discussing TalkTalks owners, its previous security breaches, and numerous fines are not in any way relevant to the current thread I will be impressed.

My background knowledge of their “previous” makes me a harsher judge than perhaps someone who knows absolutely nothing of the company’s history.

The CEO of Talk Talk appeared on BBC 1 yesterday and made a good showing (as one would expect from any CEO). But she also made a good point.

Complete security of data on a server is always going to be impossible. You can lock it down as tightly as possible but the facts remain that all software is flawed and the software on which the server software was written is flawed.

Many years ago I coded in Assembler. It was during that time I learnt that writing in Assembler is incredibly arduous but also fascinating, since you’re working with comparatively few commands and have to build all the things you want the software to do using those only few commands.

And here’s the thing: Assembler works by writing directly to the commands embedded in the processor of the server. Those commands were formulated using software that was flawed. Thus (and without defending Talk Talk in any way) all server systems are inherently vulnerable.

Talk Talk might well have been remiss in not ensuring their server security was always maintained at the cutting edge; I don’t know, but when you look at the UK government, for instance where roughly two laptops per week are left on the tube, bus or in a taxi were Talk Talk behaving any worse than the rest of the industry?

Ian – Could you perhaps talk about encrypted storage of information ?

We have no alternative to the British government so I am not convinced that their incompetence makes TalkTalks less bad.

This comment was removed at the request of the user

That’s true, DT, bu the point I was making is that no system is secure. There are only degrees of security. FWIW, if it can be proved TT were negligent then they should be sued – heavily.

If I was a TalkTalk customer I would not be very happy with their press release which says more about how wonderful the company is, rather than focusing on the current problems. Some advice for customers would be useful, for example changing any passwords that are the same as those used with their TalkTalk account.

If you are not a TalkTalk customer then it is nothing to do with you!!

I strongly disagree Ben. This is a channel for consumer concerns and what happens with TalkTalk recently could be happening with another company tomorrow. Almost every organisation we deal with nowadays has a vast and detailed database containing great quantities of sensitive information. We have absolutely no idea how secure these databases are, how trustworthy the staff who access them are, nor what threats to their security there are. The biggest concern of all is that no one knows [except the perpetrators] where and in whose hands this information ends up. How companies respond to hacking and data mining is critical in first containing the threat, second protecting against further exploitation, third restoring normal operations, and fourth supporting customers who need to safeguard their other on-line activities. This is not a sequence of actions – they should all be occurring simultaneously, and it is becoming clear that many of the companies who hold our details are neither equipped to respond satisfactorily nor capable of doing so managerially. It is sometimes said on behalf of the hackers that all they were trying to do was to demonstrate these security weaknesses. I am sorry but I don’t buy that one either – there are more responsible ways of exposing security concerns than harming the interests of hundreds of thousands of innocent citizens; any attack like this has a malicious intent and we can’t just say “I’m not with that company – it’s nothing to do with me”. What about the Tesco customers who now find themselves under TalkTalk because Tesco have sold their telecoms business to them?

CA Sussex says:
12 November 2015

I decided to leave and signed up with Sky Talk; however, apparently Talk Talk refused to transfer my home number and Sky cancelled my order (without telling me). Much time spent on the phone with both companies! I asked Sky to try the switch again and wrote to Talk Talk asking them to facilitate it properly. I’m not sure what’s happening now, but hope they will arrange it, as suggested, for 20 November. Neither company has this easy at all…..

I was a Talk Talk customer by default when they acquired Tiscalli. It did not take me long to leave after they jacked up non contract customers call costs retrospectively. Many letters were exchanged over many months but I never did pay an never would pay their increased fees. I would doubt that they would have any leg to stand on if users decided to leave. Talk Talk have demonstrated serial incompetence with customer data and have not complied with the Data Protection Act.

As for Dido Harding on the BBC that was less than impressive. For someone with supposedly impeccable qualifications I am not surprised. Just look at the biography and you will see why. This is typical of out of touch CEO’s who put themselves first, along with their sycophant followers, and totally neglect the customers and their investors. World Class incompetence at its best. A dreadful company that deserves extinction, and this might serve as a salutary reminder to other companies that treat their customers with utter contempt as Talk Talk does.

As you are not a TalkTalk customer it has nothing to do with you!!

It is an interesting point that as a group Which? subscribers who want to leave TalkTalk could be supplied with a standard letter approved by Which? legal outlining the many breaches of security over the last 15 months. A history of mis-selling and a refusal to store information in encrypted format surely gives plenty of leverage.

There is also the rather embarrassing calibre of the gang of hackers. So 800,000 subscribers and 4000,000 supporters would amount to a reasonable number who want to leave Talk Talk.

I have been with Talk talk now since last April, they used to be the best value Broadband but there has been two price rises in the space of 6 months and i feel this is unjustified, their customer service is terrible (took me a week to get a reply to a basic question) and now i am seriously contemplating leaving

I think they have made a fair offer=== they are not the guilty party.
wish they could fix my mobile

They are guilty of a clear breach if trust, and possibly a breach of contract too! They did not hack the system, but if they failed to fully implement the recommendations of the regulator following the previous incidents, they are guilty of leaving the door open for these data burglars.

Trevor says:
13 November 2015

Hackers are a fact of internet life – everyone knows they are out there. Talktalk are guilty of failing to put sufficient investment into measures to secure their customers’ data against the hackers. They are guilty of cutting corners on security to enhance their profit, thus making them a soft target. They are guilty of failing their customers and should waive termination fees for any that wish to avoid the risk of a fourth security breach and take their business elsewhere. They are guilty of displaying a shameful and disgraceful disregard for customer care in the aftermath of this and previous hacking incidents. Talktalk most certainly are guilty and, in my opinion, deserve to go out of business as their customers leave for competitors who know how to run a telecoms company. (A Talktalk customer of many years who has recently been receiving calls from “talktalk customer support” fraudsters over a telephone service supplied by … guess who?)

I used to be a talk talk customer about a year ago. I’m getting calls every other week from someone claiming to be from talk talk wanting personal details. More needs to be done by talk talk and to be honest I don’t think they give a danm about anything other then loss of their reputation . I would never consider talk talk again!

Many like us will have left talktalk as a result of v. poor service. There is no indication that our residual data is not compromised. If it is, we are the losers ! Just as changing email address with Which? still leaves this branch of theirs addressing us with the old talktalk email !

Jamie says:
13 November 2015

I am just waiting for the moment that i can leave Talktalk. I have found them to be a terrible company to deal with. Incompetent and unhelpful. At present the service of broadband is OK. It slows down quite frequently, but i pretty much always have a connection. BUT having to deal with customer services etc is a complete and utter nightmare.
I certainly dont think that the upgrades offered are good enough at all. I would expct something much more substantial most of these are things people are not very interested in.

I would leave now and sign up to a provider who will pay (up to a limit) possible cancellation charges.

Susanne says:
13 November 2015

I agree with all the points you make regarding talktalk’s incompetence , unhelpful customer service and general indifference.
Im having several scam calls each day, which started even before T T admitted the cyber attack.
I have written by special delivery requesting termination of my contract without penalty, having been told it would cost over £180 to leave. After two weeks I still havent had a response.
I believe they have broken the contract by allowing my personal information to be stolen by criminals.
Talk Talk seem more interested in damage limitation and spending thousands sponsoring X Factor than they are about the stress, inconvenience and requests to leave without penalty from their customers.

Thanks! but what I would like to know is:- am I one of the affected customers?

AND IF SO, HOW SOON WILL I BE TOLD?

The compensation culture never thinks about where the money comes from. Either TalkTalk offers good prices (which it has done for years) and makes a small profit from every customer (which it certainly is entitled to do) or it charges customers more so that it can build up reserves to meet the next occasion when some teenager from Northern Ireland finds a weakness in a huge system.

I have been with talktalk for over eight years, and during that time I have saved a very significant amount of money on phone calls, as we phone Slovakia on a daily basis. While not happy that talktalk’s security was breached, in an age of vile and despicable computer conmen, I am not terribly surprised. On all other counts I am happy with talktalk and the service and value it continues to provide. Today, where customer loyalty is for most service providers non-existent, talktalk are, I believe, getting it right. OK, you might have to negotiate terms with an out of the UK agent, but I have found their agents to be most receptive and helpful. I, for one, will be sticking with talktalk!

Can you please tell me which other service providers have had a single security breach, let alone three! I don’t trust them anymore with my personal and bank details.

Daphne says:
13 November 2015

Customers should be able to leave TalkTalk without a penalty, seeing this cyber attack has occurred three times so far.

Talktalk say they are giving you for free Noddle, Noddle is free already, I’ve had Noddle for a good few months now and have not paid a dime

Agnes,
Is it not the case that parts of Noddle are free but not the particular service being offered to TT customers?

Ian Lineker says:
13 November 2015

Irrespective of the offer -the attempt to speak to anyone at the company by telephone is the most frustrating and frankly totally irritating experience.It is at times,(when eventually one manages to speak to a human being) difficult to understand their response and there seems to be no one in any form of authority who can offer guidance or a modicum of explanation as to what is being done to deal with the problems
In context I have reliably been informed that the communication staff are operating from a distant galaxy………….