TalkTalk tumbles further as hacking fears linger, MPs launch inquiry
Updated : 18:33
Shares in TalkTalk and some telecoms sector peers were knocked back for the second time since Friday's cyber-heist, after hackers warned over the weekend that they were planning another attack
A parliamentary inquiry into the attack has been planned, culture minister Ed Vaizey told the House of Commons on Monday, with some MPs questioning why in the US companies can be fined millions for failing to protect customer data while in the UK TalkTalk is only liable for a maximum £0.5m fine from the Information Commissioner's Office (ICO).
In a message posted online by those claiming to have launched last week's “significant and sustained” cyberattack on TalkTalk's website, the purported hackers said they were looking at other potential victims.
"We [have] access to all credit card numbers. We have access to all bank accounts. Our next target is another English telecom," the message read on Pastebin.com, a website commonly used by the hacking community.
Shares in TalkTalk were down 9.2% at 233.3p at 1130 GMT on Monday, having fallen from 288p last week, while Sky and BT, which also provide similar services, were in the red too.
TalkTalk, which last Thursday evening said all 4m of its customers could be at risk, has since been threatened by thousands of legal claims on top of a widespread customer exodus from those angry that the company has failed to effectively protect sensitive data.
Analysts have calculated that the cyberattack could cost TalkTalk more than £50m-£70 in lost revenue and other related costs, while others have put costs into the hundred of millions.
The FTSE-listed company's website has remained offline since the attack, with Scotland Yard's digital experts assisted by expertise from BAE Systems' Applied Intelligence unit.
In an interview with the Sunday Times, TalkTalk chief executive Dido Harding said the company was under no "legal obligation" to encrypt sensitive customer data, such as bank account details.
"It wasn't encrypted, nor are you legally required to encrypt it," she told the newspaper. "We have complied with all of our legal obligations in terms of storing of financial information."
However, lawyers have argued that customers who claim TalkTalk has breached data protection laws could sue the firm, with potential payouts of about £1,000 per person.
The company could also be subject to a probe by the Information Commissioner’s Office as to whether it breached the Data Protection Act by failing to protect customer details, with a £0.5m penalty within the ICO's powers.
It was alleged by digital security blogger Brian Krebs that the hackers only asked for $80,000 in a ransom demand sent to TalkTalk.
Analysts at Berenberg said the company's shares were also being hit by a possible weak second quarter for net broadband additions, with the price down 40% from its May highs, and predicted the full fallout from the hacking episode could escalate massively.
"In a statement to customers, TalkTalk said it was looking to offer a year’s free credit checking to its 4.2m customers. This would likely come at a cost."
A worst-case scenario would be to take a typical credit checking offer would be £380m, it said, "which would wipe out this year’s EBITDA, and more. Whatever it does, the company is clearly worried about the affect on its subscriber share, and rightly so given the high cost of customer acquisition and churn."
However, David Battersby, investment manager at Redmayne-Bentley, saw potential in TalkTalk shares, believing the market had overreacted and predicting the company will not suffer too badly from a customer exodus.
He said that recent price declines, along with the group's dividend yield near 6% had made the stock attractive.