27 Jan 2016

Arrests at TalkTalk subcontractor over personal data breaches

“Fill out the form and hit submit.” It’s the kind of request that accompanies so many of our website visits.

But when you hit the button, who exactly gets hold of your personal details and what can they do with them?

In the past fortnight, Indian police have arrested three employees of a sub-contractor of TalkTalk, who are accused of stealing customers’ data and using it to con them out of thousands.

If proven, the allegations shed new light on TalkTalk’s poor record on taking care of its customers’ details, whether directly or indirectly. It also highlights just how global the data trade has become, and the risks involved.

Even before October’s hacking incident, TalkTalk users had complained of receiving spam calls, in some cases leading to losses of thousands of pounds; bank accounts were cleared, precious savings spirited away.

We helped one victim track down the men who scammed her, and discovered they were based in Kolkata, the city where Indian IT services giant Wipro handled its contract with TalkTalk.

Wipro’s name came up in the course of my investigation into her case, and now it seems Indian police are extending their inquiry into the firm.

Why did TalkTalk end up sending customers’ details to India? The main reason is that, by its own admission, the telecoms company was getting hammered with complaints, and didn’t have the deep pockets of its rivals to deal with them.

For us consumers, there’s a dilemma: globalised tech brings us cheap deals and convenience. But only if we relinquish control of what’s increasingly our most valuable asset: our personal information.

TalkTalk said in a statement: “Following the October 2015 cyber attack, we have been conducting a forensic review to ensure that all aspects of our security are as robust as possible, including that of our suppliers.

“As part of the review, we have been working with Wipro, one of our suppliers, and the local Police in Kolkata.  Acting on information supplied by TalkTalk, the local Police have arrested three individuals who have breached our policies and the terms of our contract with Wipro.

“The same site handles calls on behalf of a number of multi-nationals and our security teams will be sharing the details with them to ensure they can check their own operations. We are also reviewing our relationship with Wipro.

“We are determined to identify and deal effectively with these issues and we will continue to devote significant resource to keeping our customers’ data safe.  Data theft and scams are a growing issue affecting all businesses and they are notoriously difficult to investigate and prosecute.  We are pleased that our investigations have yielded results, and will continue to do everything we can to tackle these crimes.”

Wipro said: “Wipro is committed to maintaining the integrity and confidentiality of all customer data and has a zero tolerance policy on security breaches. We would like to reassure our customers that the Company continuously evaluates and strengthens its internal processes to protect itself and its customers from any data breach.

“Working with our customer, Wipro reported potential illegal activity to the relevant law enforcement authority in India, as soon as it came to the company’s attention. Wipro is working closely with the customer in the investigation and will continue to extend its full co-operation to the investigating authorities.  We are unable to comment on the matter that is currently under investigation.”

See my 23 October 2015 report – TalkTalk receives ‘ransom demand’ over hacked data: 

Follow @geoffwhite247 on Twitter

4 reader comments

  1. pete says:

    That’s what happens when you outsource key activities out to cheap countries!

  2. Pat conoboy says:

    Why are they using overseas call centres? These companies should bring back in house and train workers here. Marks and Spencer’s are another good old British company using overseas if ever I need to speak with them I request they get Chester to call me. They ask so many questions which even for security are not needed. After talk talk breach I got a call one morning at the time I was actually sat at lap top caller said there is frantic activity on your server can you please do this and this . Basically they wanted remote access but my son works in IT so I knew that wasn’t correct has anything changed NO call talk talk you still get asked the same questions. Lots of companies move their IT and call centres to India long term false economy they lose more customers than they gain along with disenchanted uk workers

  3. J Roberts says:

    Despite the fact that Talktalk customers are told they must have at least one upper case letter in their account password there is no case checker at all to make sure there is any whatsoever and they have been aware of this for over 5 years now. So much is their concern for account security that they are ignoring this absolute basic safeguard that no other company on earth would ignore.

  4. Shaun says:

    I have been receiving the Talk Talk IT scam calls for 18 months, prior to the announced hacks.
    Up to 5 calls per day, all with the sae format, trying to get me to provide them remote access to my computer.
    The rate of calls has ben increasing, not decreasing which leads me to believe little action is being taken to trace these people and shut down their scam operations.
    These operations are organised and have our personal data, kindly provided by weak security systems in Talk Talk.
    I would like to read of more arrests in India.
    Another TV news update would also be helpful. It would be fooslish for people to think the scams have gone away.

Comments are closed.