British broadband provider TalkTalk said it was hit by a cyber attack that may have compromised the personal data of more than four million customers.
On Friday, the company said it received a ransom demand from an unidentified party claiming responsibility for the attack. On Saturday the company said the breach may not be as bad as initially feared. And CEO Dido Harding told the Sunday Times: "[Our data] wasn't encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information."
- If the breach is confirmed, it would make it one of Britain’s largest security breaches.
The data compromised last week may have included credit card and bank details, TalkTalk said.
"We have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," Harding said.
Jens Monrad, a Copenhagen-based security expert for U.S. cyber defense firm FireEye, said samples of financial data which appeared to come from TalkTalk customers appeared to be for sale on the "dark web."
TalkTalk is a broadband supplier of phone and television services in the UK.