By Kylie MacLellan
LONDON, Oct 25 (Reuters) - British broadband providerTalkTalk said on Sunday it had hired defence companyBAE Systems to investigate a cyber attack that may haveled to the theft of personal data from its more than 4 millioncustomers.
TalkTalk said on Friday it had received a ransom demand froman unidentified party for the attack, which has led to calls forgreater regulation of how companies and public bodies managepersonal data.
"BAE Systems are supporting us as we investigate this week'scyber attack," a spokeswoman for TalkTalk said, declining togive further details due to the ongoing investigation.
A spokeswoman for BAE's Applied Intelligence division saidthe company's cyber-specialists were analysing "vast quantities"of data to help establish how the breach happened and whatinformation was stolen.
The Metropolitan Police Cyber Crime Unit is also conductinga criminal investigation into the attack.
While TalkTalk said on Saturday it did not believe theinformation accessed would enable hackers to steal money fromits customers, British newspapers on Sunday carried stories ofindividuals who said callers posing as TalkTalk employees hadtaken money from their bank accounts.
Many customers took to social media to complain about theirtreatment following the attack, TalkTalk's third data breachthis year, with media also reporting some had been told theyfaced hundreds of pounds in fees to leave the provider.
Britain's Information Commissioner watchdog, which canimpose fines of up to 500,000 pounds ($765,600), has said it islooking into the incident but security experts said theprevalence of cyber crime showed more needed to be done.
Data released by the Office for National Statistics thismonth showed there were nearly 2.5 million incidents of cybercrime in the year to June 2015.
Simon Moores, chair of the International eCrime Congress anda former government technology ambassador, said so far thecommissioner had proved "somewhat toothless".
"The Information Commissioner needs to have more powers toreflect the direction of travel ... at a time of rampantidentity theft and exploitation of financial details," Moorestold Reuters.
He said Britain should give responsibility for informationsecurity to a single minister rather than have it spread acrossseveral government departments.
"You need to encourage a culture and a level ofresponsibility where all large organisations ... take seriousownership and responsibility for the privacy of people'sfinancial and personal data rather than having a cavalierattitude, which we have seen in so many cases," he said.($1 = 0.6531 pounds) (Reporting by Kylie MacLellan)