TalkTalk chief executive Dido Harding has insisted the company’s cybersecurity is “head and shoulders” better than its competitors in the wake of the massive hack attack affecting thousands of customers.
In an interview with the Guardian, Harding conceded it would be “naive” to rule out the prospect of the telecoms firm suffering a similar cyber-attack in the future, describing the threat from hackers as “the crime of our generation”.
Asked about claims by an IT researcher that he raised concerns about TalkTalk’s security with her office last September, Harding said its security had “improved dramatically” in the last year.
She said: “We are understandably the punchball for everybody wanting to make a point at the moment. Nobody is perfect. God knows, we’ve just demonstrated that our website security wasn’t perfect – I’m not going to pretend it is – but we take it incredibly seriously.
“On that specific vulnerability, it’s much better than it was and we are head and shoulders better than some of our competitors and some of the media bodies that were throwing those particular stones.”
TalkTalk is unable to say how many of its 4 million customers were affected by the major data breach, in which peoples’ names, addresses and partial bank account details were stolen.
The company said on Saturday that the amount of information was “materially lower” than first feared and insisted that it would be impossible for customers to lose any money solely as a result of last Wednesday’s cyber-attack.
Harding said it was “too early to say” whether the company will establish a compensation fund to handle the fallout from the attack because it was still unclear how many customers had been affected and to what degree.
Detectives from Scotland Yard’s cybercrime unit are investigating the hack attack specialists amid reports that specialists from BAE Systems have been called in by TalkTalk to track down the hackers.
Harding declined to comment on whether she believed those behind the attack would be caught or say whether the company would rule out paying a ransom demand, which was received by the firm before it went public with news of the breach.
Asked whether she could promise customers that such an attack would never happen again, Harding said: “No, that would be naive. It would be naive to say something like this will never happen again to any business.
“Digital safety is no different to physical safety. You can do your upmost to minimise it. You can arm yourself to protect yourself, but in the end there are criminals everywhere and that’s the way of the world. It’s usually tempting to say there will never ever be another attack but that would be naive.”
Paul Moore, an information security consultant, wrote in a blogpost published last September that he had contacted Harding’s office about vulnerabilities on TalkTalk’s website but said the company’s response was “aggressive, defensive and dismissive”.
At the time Moore gave TalkTalk a poor cybersecurity rating after running tests on its website, but its score was later increased after the company took steps to fix the vulnerability.
Harding, who was elevated to the House of Lords last year with the promise of raising awareness of the dangers facing children online, described hacking as “the crime of our generation” and said it affected every major company in the world.
She also hit out at “scaremongering” by media commentators in the wake of the attack, insisting that it was “very irresponsible” to whip up “mass hysteria” about the dangers of the internet.
“We are really frustrated with the number of sensationalist claims that are being made, not just about TalkTalk as a company but more importantly about customers losing millions and millions of pounds,” she said.
“I think it’s actually very irresponsible because it’s whipping up fear about the digital world. Goodness knows I’ve been one of its biggest fans … and it’s not right that having lost your bank account number and sort code that people can take money from your bank account – they can’t.”
Harding insisted that TalkTalk would “thrive” following the attack if customers saw that it was being transparent about what had happened. She said: “We and our customers are the victim of a criminal attack. What we’re trying to do – and it’s very painful and hard for everybody in the organisation working their socks off – is to be open and transparent about it and share the information maybe earlier than people are used to, so we can warn our customers and protect them.”