Member Info for Gcoffey

They did not disappoint. A new box, a new interface and a new style of watching live tv and vod content. The ability to watch different content on multiple devices at the same time is a real game changer. Moving away from the traditional tethered stb in each room. Whilst it might have a premium price tag, it does bring alot of extra functionality.

So big news expected tomorrow and should finally get more details on the new stb. Exciting stuff.

You really believe that? How many people said the same thing after the first breach and then the second breach... History repeating itself. Dido did what any CEO would do in her position, try to instil confidence in the city and with investors. You cannot hide the underlying problem. Maybe have a read of http://www.theregister.co.uk/2015/11/13/talktalks_security_revealed/ interesting to note that BAE have apparently been working with TalkTalk since June and apparently undertook a full audit. From the information I disclosed to the company, it should have already been logged in the audit and resolved. Over 3 weeks after the breach and the issues disclosed are still present. So forgive me for being down on TalkTalk, but there is a lack of urgency and a lack of customer service. Try to fight your customers and the customer will eventually fight back .

Laferrari, I haven't checked the phone book in a while but I seem to remember bank account numbers and sort codes where not something published. I also seem to remember that you could go ex-directory I.e. Choose to not have your details published. Please correct me if any of this has changed. If you have a gander at talktalks privacy policy it clearly states that customer information will not be shared with third parties unless customers explicitly 'opt in' to such a sharing of information. Now I don't remember seeing anything from TalkTalk by way of opting in to share my information with anyone. So as well as breaching the data protection act they have also breached their own privacy policy. So you can see why customers, myself included, would be disgruntled. You cannot put a price on the loss of any customer information, the loss may only be felt by the company in the short term but for the customer it can be years for the customer. Based on what I have read from other customers following the breach they share the same sentiment that no matter how cheap your services are if you aren't looking after the customer they wont hang around.

I imagine it will go something like 'Free speed upgrade for 6 months then £24.99 per month for 12 months' and in 12 months that service will actually be cheaper than the price you are now paying

Read the half yearly again. They stated that they will be offering ALL customers a free upgrade of services. Some damage control. As for it dropping below 230, where have you been? It reached a new 52 week low last week. Companies that handle card data normally have frequent auditing and patching of systems, its likely this does not cover all of talktalks systems OR the card data environment is managed by third party so the rest of talktalks systems would not be privy to audit.

Easy to ignore the current issues... it will all blow over, it wasn't that serious, it happens to other companies all the time. Lots of people in denial, the company will have to foot that 35m bill at a minimum, there is then other costs to consider... - Law suits to follow - The cost of upgrading customers - Loss of revenue due to increased churn - Fines that may be imposed by the ICO etc

Granted, apart from slow connection speeds at times I never had any issue with TalkTalk until I decided to move house.

A free upgrade for all customers... Interested to see what exactly the conditions of this are. I was / am (2 weeks and still not been cancelled) a broadband customer the only free upgrade they could offer is a higher speed, however my line is capped based on distance to exchange etc. So how exactly could they envisage upgrading me, unless they plan to drop some fibre. And mention of securing their systems, good to mention but maybe difficult for them to put in practice. Nearly 2 weeks after I disclosed information to the ceo re. Existing vulnerabilities and they are still present I.e. Nothing has been done. Not holding my breath on this, they have failed to fix issues they where made aware of 2 weeks ago and they have yet to cancel my contract (btw I am still having to pay for TalkTalk services I don't even have as they failed to install them on the date agreed)

An ex customer received a TT advertising flyer in the post and the majority of figures stated on there where incorrect. The commercial director admitted to him the made a mistake and they are now liasing with the ASA. How incompetent can one company be. Original article http://www.theregister.co.uk/2015/11/10/talktalk_ads_incorrect_savings_rivals/

Beamer. As a customer, and my experience with TT in light of what happened, I have gleamed nothing positive from this. There are different levels in securing systems and networks. The groundwork is ensuring your systems and equipment are patched regularly, think bi-weekly or monthly at worst. As TT handle card data they will have a seperate card data environment. Access to and from that environment should be secure from day one I.e. It cannot be put live unless it satisfies criteria defined in PCI DSS. Everything outside the CDE is generally secured to the same standard but is not audited unless the systems interface with systems in the CDE. The attacker seemingly executed a crafted SQL injection attack against a page that interfaced with a database containing sensitive data. Data which is generally held in the CDE, data that should not be exposed to insecure systems. So inadequate monitoring I.e they should have recognised the SQL injection sooner, and inadequate access control I.e. Should that system really be exposed publicly. I have implemented PCI standards at a number of organisations and the big players already have adequate measures to prevent things like this, even if systems are insecure they have enough security at their front end to prevent an exploit or an attack.

Rubbish. It takes 3 attacks like this to highlight TTs incompetence. They failed to secure their systems and they still have insecure systems today. So what have they learnt from this recent attack? Plead ignorance. I can tell you that other telcos have processes and procedures in place so that insecure systems never see the light of day on their public networks, they also scan their systems daily so if there are vulnerabilities they are proactively managed rather than left to fester. It sounds like TT are a cheap provider for a reason I.e.they scrimp on customer service and security. Those two things are pretty key to customers and will be closely scrutinised even more now

Licker, I agree. This goes right down to the core. I feel sorry for the employees that are caught between what management are enforcing upon them I.e. Retain customers at all costs, and what the customers are telling them. Telling your customers they must prove something to the company is completely and utterly disgusting. It reeks of a culture where money is king, and decency is non existent. Had TT held up their hands and apologised profusely, engaged with customers on a deeper level and even promised to do their utmost to ensure their systems and personal data will be secured from a given date, the sting may not have been so bad. Instead they try to pass blame to customers and attackers, it takes the pi** that they are offering 1 years free credit reporting. Customers want security and enclosing them in a contract after you have grossly messed up is wrong on all accounts. I have spoken to different customer service & cancellation agents and they all have the same MO I.e. It seems they read from a script. If they don't have an answer to your question they freeze up and regurgitate something they read earlier. I have received voicemails from the CEOs office and the guy sounds beat down, like he doesn't give a crap and doesn't really want to talk through these issues. The only person that showed any decency is the chief of staff, he promptly replied to my email sent to Ms Harding and showed a level of compassion indifferent to the rest of TT. I am still going through their process and if that fails to meet my expectation I will be taking a different avenue to have my grievances appeased.

You have ignored my posts, I won't waste anymore time responding to you.

If the new sky stb and services live up to the hype, it will be a massive game changer for sky and the industry. They have been working on the new box for the best part of 2 years and it will be a complete overhaul to the traditional stb, with added features such as cloud dvr (I.e. Making your stb recordings available on your mobile devices when you are out and about). Looks like the box will be dropping in the next week or two, I've been adding to my position over the past two weeks.

Thanks for posting that. It sounds as though hackers got into their systems discretely in 2013 quite regularly, being able to access new customer details and see the technical issues that customers has logged. It sounds as though some of the vulnerabilities I flagged have already been exploited, as to gain that kind of exposure across multiple TalkTalk systems would require privileged access. The fact it seemingly went unnoticed and TalkTalk did not take any action based on customer complaints puts the company in an extremely exposed position now. If it is shown that the company was fully aware of a breach and failed to report they could be looking at extremely hefty fines above and beyond the 500k.

"I think the coverage of the hacking has been a disgrace" Had TalkTalk taken action after the 1st attack 12 months ago perhaps their would not be as much attention, the fact it has taken 3 attacks before they actually TalkTalk fix the issues should tell you exactly what kind of company this is. "How many people actually lost money from their accounts ?" Who cares, money can be compensated, that loss of personal data cannot be. You either work for TalkTalk or are so dense to believe that TalkTalk have done absolutely nothing wrong. They failed to secure their systems on two previous occasions, they have paid the ultimate consequence this time round as the media are having a field day. If you blame anyone for your declining SP or negative media coverage, you blame the company.

On the up to 500

More fool you. Resorting to personal attacks I see. Perhaps if you understood the situation and what I have been talking about it wouldn't seem as farfetched as you seem to make out. I have indeed contacted the CEO and received a response from the chief of staff on behalf of Ms Harding. However, that was a more generic 'we have received your email' type response. That was 4 days ago.

Well it looks like TalkTalk have finally done something regarding the issues I raised with the CEO. Albeit it looks like a band aid rather than a long term fix i.e. Stick a cache / web accelerator in front of the affected servers. Some of the more serious issues have not been addressed, but its a step in the right direction at least. I must also add that I have had no reply on these matters which I find a bit ignorant considering I pointed out flaws that their engineering teams should have rectified long ago.