TalkTalk Data Breach Case Study

Case study setting out TalkTalk's response to and the impact of its October 2015 data breach


  1. Data Breach October 2015 – Reputation risk management / Crisis management & communications / Cyber & data privacy communications
  2. Background
  3. TalkTalk – 2003-2015
    • 2003: founded as a subsidiary of Carphone Warehouse
    • 2006: 'Free broadband forever' campaign marred by long waiting lists, poor service delivery and Advertising Standards Authority (ASA) complaints
    • 2010: Dido Harding appointed CEO; company demerges from Carphone Warehouse and lists
    • 2010: company publicly criticised by the ICO for intrusive telephone marketing; found by Ofcom to have incorrectly billed 65,000+ customers
    • 2012: second to market with an integrated TV/broadband/phone/mobile bundle
    • Regularly rated amongst the worst UK landline and broadband service providers
    • The company suffers two data breaches earlier in 2015, and its share price had fallen 30% in the six months prior to its third breach
    Source: Ofcom, 2013; Which?, 2015
  4. TalkTalk – customer loyalty (composite, 2015) [chart] Source: MarketForce, 2016
  5. TalkTalk – financials (FY 2014) [chart] Source: TalkTalk, 2014
  6. TalkTalk – non-financials (FY 2014) [chart] Source: TalkTalk, 2014
  7. TalkTalk – brand value (2015) [chart] Source: Brand Finance, June 2015
  8. TalkTalk – corporate reputation (2015) [chart] Source: Reputation Institute, 2016
  9. Incident
  10. TalkTalk data breach – overview
    • DDoS attack followed by SQL injection by unknown assailant(s); company website taken down
    • TalkTalk updates its website homepage to acknowledge the attack and within 24 hours notifies regulators and customers of the data breach and appoints external cyber investigators
    • With 4 million customers' data at risk, initial media reports focus on the sources and impact of the attack
    • Hackers then post TalkTalk customer data online and demand a ransom, triggering rumours and media coverage about customer fraud and raising questions about the company's security practices and honesty
    • TalkTalk claims the attack has not affected 'core systems'; with customers trying to break their contracts, the company offers to waive its customer termination fee
    • ICO regulatory investigation results in a record GBP 400k fine; wide-ranging parliamentary inquiry into cyber security praises TalkTalk's 'strong crisis management response' but is critical of its failure to plan properly for a cyber attack of this scale
    • Teenage attackers later convicted and jailed
    Source: UK Culture, Media & Sport Select Committee, 2016
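The overview above names SQL injection as the vector that exposed customer data but, like the rest of the deck, gives no detail of the flaw itself. The snippet below is an added illustration, not TalkTalk's code and not taken from the committee report or the ICO decision: it builds a constructed customer table in an in-memory SQLite database, runs a lookup that splices user input straight into the query (so a classic tautology payload returns every row and a UNION payload reads the schema), and then runs the parameterised version, which treats the same payloads as literal strings. The table, column names, sample records and payloads are all invented for the example.

```python
"""SQL injection: vulnerable lookup vs parameterised lookup (added example)."""
import sqlite3

# Constructed sample data; these are not real TalkTalk records.
CUSTOMERS = [
    ("alice@example.com", "Alice", "12-34-56", "11111111"),
    ("bob@example.com", "Bob", "65-43-21", "22222222"),
    ("carol@example.com", "Carol", "10-20-30", "33333333"),
]

# Two textbook payloads (constructed): a tautology that widens the WHERE
# clause to every row, and a UNION that reads table definitions from
# sqlite_master; the trailing '--' comments out the closing quote.
PAYLOAD_ALL_ROWS = "' OR '1'='1"
PAYLOAD_SCHEMA = "' UNION SELECT name, sql, '', '' FROM sqlite_master--"


def make_db():
    """Create an in-memory database holding the constructed customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (email TEXT, name TEXT, sort_code TEXT, account TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, email):
    """Attacker-controlled text is interpolated into the SQL string."""
    sql = (
        "SELECT email, name, sort_code, account FROM customers "
        f"WHERE email = '{email}'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Same query with a bound parameter: the input can only ever be a value."""
    sql = "SELECT email, name, sort_code, account FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Run both lookups against a legitimate email and both payloads."""
    conn = make_db()
    return {
        "vuln_legit": lookup_vulnerable(conn, "alice@example.com"),
        "vuln_payload": lookup_vulnerable(conn, PAYLOAD_ALL_ROWS),
        "vuln_schema": lookup_vulnerable(conn, PAYLOAD_SCHEMA),
        "safe_legit": lookup_safe(conn, "alice@example.com"),
        "safe_payload": lookup_safe(conn, PAYLOAD_ALL_ROWS),
        "safe_schema": lookup_safe(conn, PAYLOAD_SCHEMA),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s)")
        for row in rows:
            print("   ", row)
```

Binding parameters closes the injection path, but note what the example leaves untouched: the sort codes and account numbers sit in the table in the clear, which is the separate failure the timeline later records as TalkTalk confirming unencrypted data. Query hygiene and encryption of stored customer data are independent controls, and the deck's implications slide treats both as part of "strengthen cybersecurity".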
  11. TalkTalk Data Breach Timeline – Oct/Nov 2015 [chart: day axis Oct 21 to Nov 10; lanes for TalkTalk, Media/social media, Share price, External actors; exact dates not recoverable from the extracted slide, lane grouping inferred from event wording]
    TalkTalk:
    • Detects DDoS attack, takes down customer website
    • Publicly confirms cyber-attack, notifies ICO
    • Publishes update, states attack not on 'core systems'
    • Confirms investigation by specialist cybersecurity firm
    • Customer letter distributed and published on TT website
    • Publishes update, responds to Police arrest
    • Confirms 21k customers affected, 28k cards accessed, 1.2m customer details stolen
    • Publishes update, announces termination fee waiver
    • Announces 12 months free credit monitoring with Noddle
    • Confirms 157k customers affected, 16k customers' bank details & 28k 'orphaned' customer cards accessed
    External actors:
    • DDoS attack
    • Hackers send ransom to TT CEO
    • Police launch criminal investigation; 'TalkTalk Hackers' post data to Pastebin
    • Formally raised in Parliament; teenage hacker arrested & bailed
    • Second arrest
    • Third arrest
    • Fourth arrest
    • House of Commons Culture, Media & Sport Committee launches inquiry
    • Suspect's lawyers file privacy suits against Google, Twitter and three national newspapers
    Media/social media:
    • The Register reports website outage; customer complaints via email, social media
    • Media/online speculation on attack origin
    • Complaints about scams
    • Customers complain of poor customer service, unusual account activity
    • Coverage of fraudulent credit card activity
    • Senior MP accuses TT of 'cover-up' & calls for inquiry
    • Widespread negative reaction to TT confirmation of unencrypted data
    • Customers complain of not being allowed to terminate contracts
  12. Significant reputational challenges
    • Unclear nature of attack and motivation of attacker(s)
    • High visibility of attack due to its nature, scale and duration, the perceived quality of TalkTalk's response, and recent data breaches at TalkTalk and other companies
    • The company's historic reputation for poor quality product and customer service and, in the aftermath of the attack, its IT security
    • Ongoing rumours and scams involving TalkTalk contribute to fears about bank account info, rumours about customer fraud, and links to terrorism
    • A sceptical, combative media and blogosphere
    • Regulatory, parliamentary and criminal investigations into the attack
    • Thin leadership understanding of cybersecurity
    • Deepening pressure on TalkTalk's CEO to resign
  13. TalkTalk data breach – talking points
    The attack and its consequences:
    • Attack nature and consequences
    • Source of attack
    • Impact on company operations
    • Impact on share price
    • Rumours of customer fraud
    • Safety of customer bank info
    • TalkTalk IT security practices
    • Data encryption
    • Tiscali integration
    The response and leadership:
    • Quality of TalkTalk response
    • Communications speed and accuracy of statements re number of customers impacted and types of data involved
    • Customer termination fee waiver
    • IT security fix
    • TalkTalk leadership & governance
    • CEO visibility, acknowledgement & apology
    • Board cybersecurity knowledge
    • Focus on top-line growth to the detriment of IT security, privacy, etc.
  15. https://www.youtube.com/watch?v=apV5Q_f7KH0
  20. Impact
  21. Immediate share price impact [chart] Source: City AM, 2015
  22. Immediate reputational impact [chart] Source: Alva, 2015
  23. Immediate relative reputational impact [chart] Source: Alva, 2015
  25. Six-month impact (May 2016)
    Financial:
    • Share price: -29%
    • Pre-tax profit: -56%
    • Customers: -100,000
    • Financial costs: £60m (IT security, legal, marketing, customer service)
    Customer and brand:
    • Customer satisfaction: +23%
    • Customer complaints: -44%
    • Customer churn rate: -0.1%
    • Trust in brand: +8%
    Source: TalkTalk, May 2016
  26. One-year impact (Oct 2016)
    Financial impact:
    • Legal, IT, customer service, PR costs: £60m
    Financial performance:
    • Customers: -100k
    • YOY revenue: +2.4%
    • YOY profits: -56%
    • Share price: -29%
    Reputational impact:
    • Significant loss of customers due to poor IT security, contract terminations, customer support
    • High-profile parliamentary inquiry into cybersecurity and privacy
    • Record ICO £400k fine; subsequent £100k fine for failure to prevent Wipro customer service scams
    • CEO resignation
    Reputational performance:
    • Company reputation lagged peers by 2-3%
    • Customer satisfaction: +23%
    • Trust in brand: +8%
  27. [chart] Source: Ofcom, Dec 2016
  28. Lessons & Implications
  29. What went well
    • Speed and transparency of communications response
    • Dido Harding's visibility, acknowledgement of responsibility, apology, and empathy during and after the crisis
    • The responsiveness of the company's social media team
  30. What could have worked better
    • Sometimes muddled and seemingly evasive nature of statements regarding the source, timing, size and impact of the breach, and about the types of data involved, encryption, and contract terminations
    • Victimhood claim when the breach was not an isolated incident and when TalkTalk was seen as unprepared and selective with the facts
    • Decision to respond initially through the mainstream media, leading customers to complain of a lack of direct communication by TalkTalk
    • Need for greater leadership and management knowledge of cyber attacks, customer security and technology jargon
  31. Implications for TalkTalk
    • Strengthen cybersecurity; better understand the link between cybersecurity, corporate reputation and risk management, and ensure all are board-level responsibilities
    • Prepare a strong cyber/data breach incident response plan, including a multi-scenario communications plan, and regularly train incident response and crisis teams in different scenarios
    • Ensure communication about customer compensation is clear and timely, and is understood by customer service
    • Provide ongoing cybersecurity awareness education for leadership, employees and customers
    • Build constructive relationships with relevant cybersecurity-related stakeholders and opinion-formers in advance of an incident/crisis
  32. https://www.youtube.com/watch?v=PlP-5buSfHo
  33. FURTHER INFO: +44 20 3856 3599 / cp@charliepownall.com / linkedin.com/in/charliepownall / charliepownall.com