Standard User deleted
(deleted) Thu 22-Oct-15 22:16:54
TalkTalk website hit by cyber-attack
 
TalkTalk website hit by cyber-attack - BBC
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 06:17:54
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
I'm on TTB but via a reseller. Do resellers pass on customer data to Talk Talk or am I safe?
Standard User deleted
(deleted) Fri 23-Oct-15 06:58:54
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
Sorry, I wouldn't know, but people in TT forums might or someone can provide that info later. There is a statement on TT website:

http://help2.talktalk.co.uk/oct22incident



Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 08:42:06
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
Pulse8 replied saying only basic info is passed over which is needed to get a line installed. So assume tel no and address?
Standard User MHC
(sensei) Fri 23-Oct-15 08:58:22
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
I have just heard Dido Harding on R4. She was asked "Can you confirm that customer data was encrypted". She refused to answer that it had been. Make of that what you will.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 09:09:57
Re: TalkTalk website hit by cyber-attack
[re: MHC]
 
Their own statements admit not all was encrypted. Funny how they claim customer data security is of the utmost importance then don't encrypt some of it. So clearly it's not, is it?

Why don't all companies encrypt ALL customer data? Too many don't and there is no excuse these days not to.
Standard User Oliver341
(eat-sleep-adslguide) Fri 23-Oct-15 10:29:38
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
Wouldn't data encryption be more relevant in the case of physical hard drive theft? If this attack was using an exploit in TalkTalk control panel systems, which would need to decrypt the data in order to make use of it, then the encryption would be bypassed I would have thought.

Oliver.
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 10:57:15
Re: TalkTalk website hit by cyber-attack
[re: Oliver341]
 
Not sure in this case but there has been data theft where hackers stole a database with details stored in plain text. PSN for example to name just one

Should be law that data cannot be stored in plain text
Administrator MrSaffron
(staff) Fri 23-Oct-15 11:07:21
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
If someone has managed to steal a database it usually means they would have no trouble finding decryption keys, i.e. your email address has to be stored in a way that can be decrypted to send you an email, or your address for posting out bills.

There are ways to store passwords so that not even the website owner can get the actual password back, i.e. one way encryption. Though some of these methods can be broken given resources - hence why at this stage any discussion is going to be vague so as not to give people who have acquired data any snippets of useful information.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Gal12
(learned) Fri 23-Oct-15 11:42:39
Re: TalkTalk website hit by cyber-attack
[re: MHC]
 
In reply to a post by MHC:
I have just heard Dido Harding on R4. She was asked "Can you confirm that customer data was encrypted". She refused to answer that it had been. Make of that what you will.


And this despite having answered in the negative on their own website...with the addition of a beautiful example of obfuscation in answering a different question to the one posed.


""Was the data encrypted? If not, why not?"

Not all of the data was encrypted. We constantly review and update our systems to make sure they are as secure as possible. We're working with the police and cyber security experts to understand what happened and protect as best we can against similar attacks in future."
Standard User deleted
(deleted) Fri 23-Oct-15 11:47:16
Re: TalkTalk website hit by cyber-attack
[re: MrSaffron]
 
Someone, in the now extensively updated BBC article, has mentioned that it is Get Safe Online Week!
Quite funny.
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 11:51:38
Re: TalkTalk website hit by cyber-attack
[re: Gal12]
 
BBC reporting it was Russia-based Islamic jihadist who stole the data and although unconfirmed have posted the data online.
Standard User deleted
(deleted) Fri 23-Oct-15 12:02:11
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
I wouldn't rule out Putin at this stage, if the attack originated from Russia.
Standard User deleted
(deleted) Fri 23-Oct-15 12:22:35
Re: TalkTalk website hit by cyber-attack
[re: MrSaffron]
 
In reply to a post by MrSaffron:
one way encryption

The correct term for this is hashing. Encryption is the securing of data so it can be recovered and not easily read by anyone else except the intended recipient(s). Hashing destroys the data, and is only useful for some form of data verification. Encryption does not destroy it.

Edited by deleted (Fri 23-Oct-15 12:23:19)
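
Added example (not written by any poster in this thread, and not TalkTalk's code): a Python sketch of the one-way password storage described in MrSaffron's post and called hashing in the reply above. It compares an unsalted SHA-256 column, where equal digests show which accounts share a password, with salted PBKDF2-HMAC-SHA256 records that can only be verified, not read back. The user names, passwords, record format and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumed work factor for this example; a real deployment tunes it to its hardware.
ITERATIONS = 600_000

# Constructed sample accounts; alice and carol deliberately share a password.
SAMPLE_USERS = {
    "alice": "Summer2015!",
    "bob": "correct horse battery",
    "carol": "Summer2015!",
}


def unsalted_sha256(password: str) -> str:
    """Weak storage: fast, unsalted digest. Same password gives the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """One-way storage: random per-user salt plus a deliberately slow KDF.

    Record layout (an assumption of this example):
    pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the login attempt and compare in constant time.

    The stored record is never decrypted; a malformed record fails closed.
    """
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def shared_password_groups(table: dict) -> list:
    """Audit helper: group users whose stored values are byte-for-byte equal."""
    by_value = defaultdict(list)
    for user, stored in table.items():
        by_value[stored].append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


def build_tables():
    """Build the weak and the hardened credential tables from the sample users."""
    weak = {user: unsalted_sha256(pw) for user, pw in SAMPLE_USERS.items()}
    strong = {user: hash_password(pw) for user, pw in SAMPLE_USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("shared passwords visible in unsalted table:", shared_password_groups(weak))
    print("shared passwords visible in salted table:  ", shared_password_groups(strong))
    print("correct login verifies:", verify_password("Summer2015!", strong["alice"]))
    print("wrong login verifies:  ", verify_password("summer2015!", strong["alice"]))
```

Fields such as an email or postal address cannot be stored this way, because the service has to read them back; that is the reversible case both posts describe.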

Standard User Oliver341
(eat-sleep-adslguide) Fri 23-Oct-15 12:56:49
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
Yes I agree if there was a file sitting on a file system, like an Access database or something which the hackers simply downloaded via FTP then it is essential that is encrypted. If however the database was accessed via some internal system which decrypted the data in order to read it, having an encrypted database makes no difference.

It's one of those details which the public are never told about during incidents like this.

Oliver.
Standard User deleted
(deleted) Fri 23-Oct-15 14:10:31
Re: TalkTalk website hit by cyber-attack
[re: MrSaffron]
 
In view that Talk Talk customers' details have been compromised wouldn't it be prudent for those customers to change their email address and ask their bank/credit card companies to issue them with replacement cards, change their security question and passwords immediately to secure their accounts? Their name, date of birth, address and telephone number are not as risky as the rest of their as their bank/credit card details except that they can be used for identity theft. If I were an affected customer I certainly would have contacted my bank/credit card companies and changed my details immediately.
Administrator MrSaffron
(staff) Fri 23-Oct-15 14:12:32
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
Which is pretty much the advice floating around

Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 14:20:06
Re: TalkTalk website hit by cyber-attack
[re: MrSaffron]
 
Changing bank card is pointless. A DD is set up with an account number. Changing card won't change the account number.
Standard User deleted
(deleted) Fri 23-Oct-15 14:27:13
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
The BBC video report, where the CEO was being interviewed, stated that they would be offering 1 year's free credit reporting (with Experian or what not) as part of some compensation and mitigation to the data breach. Hats off, because I actually think that's pretty decent of them and about the only thing they can possibly offer given the severity of the data breach, and how information could be used for identity theft.
Standard User deleted
(deleted) Fri 23-Oct-15 14:30:45
Re: TalkTalk website hit by cyber-attack
[re: MrSaffron]
 
A couple of questions:

Is there a way of knowing which ISPs secure your personal details better?

Are budget ISPs more prone to hacking due to lack of continued investment in security?
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 14:34:54
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
I'd guess a smaller ISP is less prone as they won't be on some hacker's radar compared to a big company like Talk Talk.
Standard User ian72
(eat-sleep-adslguide) Fri 23-Oct-15 14:36:32
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
I think I would answer no to both those questions.

You won't get detailed information on how ISPs store customer data as part of security is not telling people how you do it. If enough of these happen ISPs might start giving a bit more info but I doubt you will ever get enough to properly compare them.

Budget ISPs aren't necessarily more open to hacking. A lot of the technologies needed to secure data adequately could be done relatively cheaply and should be built into the initial design. However, security has often not been considered properly when designing systems and so many IT systems have wide open security holes and the people running the systems may not know they are there (indeed some protocols that have been around for decades have been getting updates recently because people have discovered flaws that went unnoticed before).
Standard User ian72
(eat-sleep-adslguide) Fri 23-Oct-15 14:38:29
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
The question was budget ISP rather than smaller. So, TalkTalk are a well known, large, budget ISP. They will be an obvious target because of the size of the customer base but I don't think being a budget ISP was a specific issue here (especially as they have plenty of other areas of their business where they can profit so it isn't as if they don't have the money).
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 14:44:18
Re: TalkTalk website hit by cyber-attack
[re: ian72]
 
I reckon it's only a matter of time before 1 major bank is caught up in a major security breach. I'm sure their systems are super tight and secure, but hackers always seem to be 1 step ahead.
Standard User keith969
(member) Fri 23-Oct-15 14:44:28
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
One wonders if BT could be a target too. Who knows how they keep their data, but they certainly have a lot of people paying by DD so bank account details etc. In fact it goes with any company that you give your details to - energy, water, phone, banks, you name it.
Standard User keith969
(member) Fri 23-Oct-15 14:46:31
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
They may have been already, but a lot of companies don't like announcing security breaches. Especially banks.
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 14:46:57
Re: TalkTalk website hit by cyber-attack
[re: keith969]
 
Seems to be a shift this last few years in who is targeted. Before it was individual users with viruses and malware but as home users are more savvy now with security, seems to be larger organisations that are targeted. And as seen recently, far too many don't have the security procedures in place they should.
Standard User deleted
(deleted) Fri 23-Oct-15 14:52:07
Re: TalkTalk website hit by cyber-attack
[re: ian72]
 
Thanks.

I was thinking about what security expert professor Peter Sommer said this morning to Today:

"Good practice says you ought to encrypt your data. The problem for these companies is staging their investment. They are constantly acquiring new customers, they are providing new services, the customers themselves want more facilities. You can quite see a situation in which, for straightforward commercial reasons a company decides to delay a little bit putting in an upgrade, it then has difficulties with the upgrade, it doesn't think about the changed security environment - hackers are using new techniques all the time - and that's the decision they have to make. It looks as though they have made some rather unfortunate decisions."

But I guess that can apply to any ISP not just the budget ones.

Edited by deleted (Fri 23-Oct-15 14:55:51)

Standard User keith969
(member) Fri 23-Oct-15 15:02:36
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
Agreed, there should be a legal requirement for companies who keep sensitive data about their customers to keep it secure. Though I doubt it would ever be enforced; who would the enforcers be?
Standard User Oliver341
(eat-sleep-adslguide) Fri 23-Oct-15 15:46:04
Re: TalkTalk website hit by cyber-attack
[re: ian72]
 
TalkTalk customer data was stolen as recently as February of this year: http://www.bbc.co.uk/news/technology-31656613

They seem to have a history of this now.

Oliver.
Administrator MrSaffron
(staff) Fri 23-Oct-15 15:59:19
Re: TalkTalk website hit by cyber-attack
[re: keith969]
 
https://ico.org.uk/about-the-ico/news-and-events/new...

The people who have power to fine etc over data loss have a statement already on the TalkTalk incident.

Standard User deleted
(deleted) Fri 23-Oct-15 16:02:53
Re: TalkTalk website hit by cyber-attack
[re: MrSaffron]
 
They also have a guide on what a good practice should be:

https://ico.org.uk/media/for-organisations/documents...

Let's hope TalkTalk read it.
Standard User RobertoS
(elder) Fri 23-Oct-15 17:06:27
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
The video clip in this article is worth listening to.

The indispensable man or woman passes from the scene, and what happens next is more or less the same thing as was happening before.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 59999/14372kbps @ 600m. - BQM
Standard User deleted
(deleted) Fri 23-Oct-15 17:15:51
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
It's incredible the amount of coverage this hack is receiving. Shows the scale of the damage and the seriousness of the issue. Not sure TalkTalk would be able to recover from the hack and the blanket coverage of it.
Standard User RobertoS
(elder) Fri 23-Oct-15 17:22:53
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
Probably more easily than VW from their screw-up.

Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 17:58:27
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
It will be old news in a few days when the media get bored
Standard User deleted
(deleted) Fri 23-Oct-15 18:13:16
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
Maybe old news for customers of other ISPs but not for the TalkTalk ones.

What would you do if you were a TalkTalk customer knowing that your ISP has been hacked three times in the last eight months and the potential scale of the latest breach? I know what I would do.
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 18:34:05
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
People think changing ISP is a hassle even though it's not. Bet a lot just stay with them rather than bothering to look elsewhere.
Standard User Pipexer
(eat-sleep-adslguide) Fri 23-Oct-15 19:24:25
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
Technically incompetent ISP gets hacked, who would have thought eh?

AAISP Home::1
Standard User deleted
(deleted) Fri 23-Oct-15 19:45:57
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
True. The big mistake from my point of view is that TalkTalk waited till Friday to speak about it. It's going to be all over tomorrow's newspapers allowing people to have plenty of time on weekend to digest the news.

Somehow this hack feels much more publicised than any other ones I can remember. I might be wrong though.
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 19:46:57
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
What are the details of the other 2 hacks? I know about them but have not researched them.
Standard User bobble_bob
(fountain of knowledge) Fri 23-Oct-15 19:51:21
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
Talk Talk are probably limited to what they can say as it's a police investigation. Tabloid papers will print what they want (some of it pure speculation to sell papers). Talk Talk have actually come out pretty quickly about this. Usually it's days later before a company goes public on a hack.
Standard User RobertoS
(elder) Fri 23-Oct-15 19:56:28
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
Covered to some extent in the video clip I recommended earlier.

Standard User deleted
(deleted) Fri 23-Oct-15 21:12:18
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
Taken from the "TalkTalk hacking crisis deepens as more details emerge" article:

"It is the company's third major security breach in the last year. In December 2014 customers received India-based scam calls after the first breach. It happened again in February, with TalkTalk customers being subject to further scams despite the company describing the information that was stolen in the breach as limited and non-sensitive.

The information commissioner, who is already investigating the previous two security breaches, criticised TalkTalk for taking more than 24 hours to tell his office what had happened. Christopher Graham told BBC Radio 4's World at One: "I wish we had heard a little bit earlier and we could have been more 'out there' giving advice to consumers about what they need to protect their personal information."
Standard User wingco1
(legend) Fri 23-Oct-15 22:13:02
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
Probably get a slap on the wrists by the ICO.

Standard User Apprentice
(knowledge is power) Fri 23-Oct-15 22:29:16
Re: TalkTalk website hit by cyber-attack
[re: wingco1]
 
Maybe the Chinese will buy them out tongue

plusnet user
Standard User RobertoS
(elder) Fri 23-Oct-15 22:38:27
Re: TalkTalk website hit by cyber-attack
[re: Apprentice]
 
You think they may have a yen for it?

Standard User Spud2003
(fountain of knowledge) Sat 24-Oct-15 01:29:21
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
In reply to a post by RobertoS:
The video clip in this article is worth listening to.


I will be really interested to see how many customers they allow to break their contracts and leave penalty free because I suspect they'll do their damnedest to sweep this under the carpet and maintain the contracts - that's what they did to customers in the data breach at the beginning of the year.
Standard User ukhardy07
(knowledge is power) Sat 24-Oct-15 02:10:55
Re: TalkTalk website hit by cyber-attack
[re: MHC]
 
In reply to a post by MHC:
I have just heard Dido Harding on R4. She was asked "Can you confirm that customer data was encrypted". She refused to answer that it had been. Make of that what you will.


All I can say is I work in IT security and I do a lot of the security work which goes into firms being PCI (Payment Card Industry) certified... 99% of firms are using Windows Server 2003 and have customer details in clear text format. I have found bank details of customers in some of the largest retailers, stored in .txt files.

You say banks are better, ermm.... ok.

Edited by ukhardy07 (Sat 24-Oct-15 02:14:58)

Standard User Apprentice
(knowledge is power) Sat 24-Oct-15 09:02:54
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
laugh

plusnet user
Standard User RobertoS
(elder) Sat 24-Oct-15 15:14:36
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
As well as the main Times article today there is one on page 6 about people having their bank accounts "cleared out".

A couple of extracts, my bold frown :-
Donna xxxx, 43, a mother of two, told how an attempt to take funds from her bank account was only thwarted because Santander became suspicious and blocked it.
...
She has linked the breach to TalkTalk because her banking and internet passwords were the same.
Elizabeth xxxx, 46, a tutor at the University of xxxxx, was a customer of Onetel until it was bought out by TalkTalk. She said her Onetel email was hacked in the past three weeks and her TalkTalk phone bill suddenly shot up this month without bearing any relation to usage.

"Like every other person in this country you go with an account password which is easy to remember and use the same one for lots of different things, like online banking," she said.
D'oh !!!!!

Standard User Oliver341
(eat-sleep-adslguide) Sat 24-Oct-15 15:20:15
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
Yeah that's bad. But I personally wouldn't use an online bank account with BACS facilities without PIN Sentry type device anyway.

Oliver.
Standard User bobble_bob
(fountain of knowledge) Sat 24-Oct-15 15:27:53
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
I have different passwords for every site I use. Just write them down so you don't forget. Saves hassle if one site is hacked. No need to change the rest.

Do you ever supply TT with your bank card number? They will have your account number to set up the DD but they can't clear your account with that, only set up a DD.
Standard User RobertoS
(elder) Sat 24-Oct-15 15:28:59
Re: TalkTalk website hit by cyber-attack
[re: Oliver341]
 
Given the bank details I doubt if that matters very much to the hackers.

For instance, my RBS and IOM Bank (an RBS subsidiary) card readers use the same algorithm to calculate the response key. I expect NatWest also use it.

They could either re-assign a clone card or just hack the algorithm at some time in the past and give the correct responses online when requested.

Edit - Ah, they probably need the full number of the bank card.


Edited by RobertoS (Sat 24-Oct-15 15:32:49)

Standard User bobble_bob
(fountain of knowledge) Sat 24-Oct-15 15:29:47
Re: TalkTalk website hit by cyber-attack
[re: Oliver341]
 
In reply to a post by Oliver341:
Yeah that's bad. But I personally wouldn't use an online bank account with BACS facilities without PIN Sentry type device anyway.


Or make banks offer 2 step verification. It's so simple and adds an extra layer of protection. I have it enabled for Outlook, Gmail and Facebook. Even if Mr Hacker knew my password without my phone it would be pointless.
Standard User RobertoS
(elder) Sat 24-Oct-15 15:30:53
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
I don't use TT, though they probably have my name, address and phone number. Nothing else.

Standard User RobertoS
(elder) Sat 24-Oct-15 15:37:49
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
In reply to a post by bobble_bob:
I have different passwords for every site I use. Just write them down so you don't forget.
Errrmmm. Wasn't that the point I was making? The whole reason for my post?

My bank passwords and PINs are not written down. No financial ones are. Only non-critical ones. Just hope yours aren't found by a burglar.

Standard User bobble_bob
(fountain of knowledge) Sat 24-Oct-15 15:38:57
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
Which most companies sell anyway. I've had calls on my mobile asking if I have been in an accident and they quote my full name. Someone sold them that data.
Standard User bobble_bob
(fountain of knowledge) Sat 24-Oct-15 15:41:40
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
Yeah, I know that's what your post was about, just saying what I do. I'd rather have it written down on paper than trust any other organisation to keep my details safe. Wasn't a password manager recently compromised?
Standard User RobertoS
(elder) Sat 24-Oct-15 15:46:12
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
I believe one was, yes. I've never even considered using one. A totally daft idea.

Standard User Oliver341
(eat-sleep-adslguide) Sat 24-Oct-15 15:48:36
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
In reply to a post by RobertoS:
Edit - Ah, they probably need the full number of the bank card.

They'd need both the chip and the pin.

Oliver.
Standard User keith969
(member) Sat 24-Oct-15 17:03:12
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
Mine are all in an encrypted Excel sheet on a PC protected by its own password. They change regularly, so I can't remember some of the more obscure ones. A lot of them are the same (except bank ones) as it's hard maintaining 150 passwords for different sites that really aren't a security risk. I certainly don't write them down.
Standard User RobertoS
(elder) Sat 24-Oct-15 17:32:20
Re: TalkTalk website hit by cyber-attack
[re: keith969]
 
Yes smile.

There are many ways of (relatively) securing our usernames and passwords. The point of my post was the idiocy of I assume many thousands or even millions of people who think like the one that said "Like every other person in this country ...."

Standard User Michael_Chare
(experienced) Sat 24-Oct-15 18:07:00
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
In reply to a post by RobertoS:
For instance, my RBS and IOM Bank (an RBS subsidiary) card readers use the same algorithm to calculate the response key. I expect NatWest also use it.

NW, Barclays and Nationwide card readers are interchangeable. When the Barclays one arrived I was told something like that.

Michael Chare
Standard User RobertoS
(elder) Sat 24-Oct-15 18:22:20
Print Post

Re: TalkTalk website hit by cyber-attack


[re: Michael_Chare] [link to this post]
 
Presumably that means all 5 are, so probably Lloyds as well.

Standard User Oliver341
(eat-sleep-adslguide) Sat 24-Oct-15 18:23:51
Re: TalkTalk website hit by cyber-attack
[re: Michael_Chare]
 
In reply to a post by Michael_Chare:
NW, Barclays and Nationwide card readers are interchangeable. When the Barclays one arrived I was told something like that.

Yes, their purpose is purely to feed the PIN into the chip and read the response. There's no "secret stuff" going on inside the card reader at all.

Oliver.
Standard User deleted
(deleted) Sat 24-Oct-15 18:26:51
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
The latest is that apparently TalkTalk cyber attack 'smaller than originally thought'

Let's hope so, but the damage might have already been done to TalkTalk's reputation.
Standard User RobertoS
(elder) Sat 24-Oct-15 18:40:30
Re: TalkTalk website hit by cyber-attack
[re: Oliver341]
 
In reply to a post by Oliver341:
Yes, their purpose is purely to feed the PIN into the chip and read the response. There's no "secret stuff" going on inside the card reader at all.
?
My two calculate a result from a code supplied online, for me to enter on the bank website. It does a lot more than check the pin number.

Standard User Oliver341
(eat-sleep-adslguide) Sat 24-Oct-15 18:49:02
Re: TalkTalk website hit by cyber-attack
[re: RobertoS]
 
In reply to a post by RobertoS:
My two calculate a result from a code supplied online, for me to enter on the bank website. It does a lot more than check the pin number.

Yes, the card's chip is like a mini computer, it takes the PIN, runs an algorithm on it, then outputs the result to the reader. The reader doesn't do any processing.

Oliver.
Standard User bobble_bob
(fountain of knowledge) Sat 24-Oct-15 18:52:42
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
I doubt it. The PlayStation Network hack was/is the biggest ever data theft but hasn't affected the sale of the PS4. Quite the opposite in fact

People are quick to forget
Standard User bobble_bob
(fountain of knowledge) Sat 24-Oct-15 19:32:02
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account


So any tabloid headline about x having their account cleared out by hackers is unlikely to be due to the TT hack. Obviously the tabloids won't care about the facts though
Standard User deleted
(deleted) Sat 24-Oct-15 20:33:32
Re: TalkTalk website hit by cyber-attack
[re: bobble_bob]
 
The other information taken, if true, can potentially cause problems for years to come, as mentioned in the "TalkTalk cyber-attack sparks calls for new regulatory powers" article.

Earlier in the week, experts had warned the information seized – including names, addresses, date of birth, and email address of some of its four million customers – could still prove invaluable to criminals.

“With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road,” said Ryan Wilk, director with NuData Security.
Standard User deleted
(deleted) Sat 24-Oct-15 20:41:13
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
All that info with the exception of the email address is available free from Companies House if you are director of a company.
....and lots of UK residents are - including me.
.....and I don't recall there being howls of outrage about all these people having their ID stolen and loans taken out in their names on a daily basis.
Standard User RobertoS
(elder) Sat 24-Oct-15 21:03:55
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
In reply to a post by zom22:
All that info with the exception of the email address is available free from Companies House if you are director of a company.
Only very recently.

But free from "copying" sources I agree.

Though the addresses are often either the trading address or the registered office (usually the accountant's) address.


Edited by RobertoS (Sat 24-Oct-15 21:05:15)

Standard User MHC
(sensei) Sun 25-Oct-15 09:32:26
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
LINK


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User deleted
(deleted) Sun 25-Oct-15 10:03:25
Re: TalkTalk website hit by cyber-attack
[re: MHC]
 
smile
Standard User PaulKirby
(fountain of knowledge) Sun 25-Oct-15 20:03:45
Re: TalkTalk website hit by cyber-attack
[re: MHC]
 
In reply to a post by MHC:
LINK
LOL

Paul
Standard User deleted
(deleted) Mon 26-Oct-15 07:34:04
Re: TalkTalk website hit by cyber-attack
[re: Pipexer]
 
In reply to a post by Pipexer:
Technically incompetent ISP get hacked, who would have thought eh?


TalkTalk boss says their cybersecurity 'head and shoulders' above competitors
Standard User deleted
(deleted) Mon 26-Oct-15 07:48:44
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
It's sounding less and less serious

YouTube statement from Dido Harding, Baroness Harding of Winscombe: https://www.youtube.com/watch?v=f3ENte820Ao

Edited by deleted (Mon 26-Oct-15 07:51:48)

Standard User deleted
(deleted) Mon 26-Oct-15 08:17:25
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
No doubt she will be providing more soundbites today. With thousands of compensation claims to be investigated by TalkTalk, this story has only just started.

This is interesting, although might be old news:

https://krebsonsecurity.com/2015/10/talktalk-hackers...
Standard User deleted
(deleted) Mon 26-Oct-15 10:55:21
Re: TalkTalk website hit by cyber-attack
[re: deleted]
 
In reply to a post by BatBoy:
It's sounding less and less serious

A master-class in PR from TalkTalk:

TalkTalk says it was ‘not legally required’ to encrypt leaked customer data
Standard User Spud2003
(fountain of knowledge) Mon 26-Oct-15 14:08:59
Urgent Question on data breaches: 26 October 4:15PM
[re: deleted]
 
Shadow Minister for Business, Innovation and Skills, Chi Onwurah, is to ask an Urgent Question on data breaches and consumer protection on Monday 26 October 2015 in the House of Commons. She will ask about the Government's responsibilities and policies protecting consumers and infrastructure from large scale data breaches such as that suffered by Talk Talk.

It is estimated the Urgent Question will begin 4.15pm, following the Urgent Question on the arrest of protesters. Timings are approximate as Parliamentary business is subject to change.

http://www.parliament.uk/business/news/2015/october/...
Standard User deleted
(deleted) Mon 26-Oct-15 15:31:30
Re: Urgent Question on data breaches: 26 October 4:15PM
[re: Spud2003]
 
TalkTalk hack: Former customers warned they could be affected by cyber attack - Telegraph's Exclusive
Standard User bobble_bob
(fountain of knowledge) Mon 26-Oct-15 15:37:40
Re: Urgent Question on data breaches: 26 October 4:15PM
[re: deleted]
 
Why aren't your details removed once you leave?

You have left, they have no reason to hold any personal information on you anymore
Standard User RobertoS
(elder) Mon 26-Oct-15 16:08:10
Re: Urgent Question on data breaches: 26 October 4:15PM
[re: bobble_bob]
 
They probably need most of it for seven years, for accounting purposes.

Standard User deleted
(deleted) Mon 26-Oct-15 16:10:09
Re: Urgent Question on data breaches: 26 October 4:15PM
[re: bobble_bob]
 
There could be many reasons (commercial, legal) for organisations keeping personal data for a certain period of time. Unfortunately, the Data Protection Act does not specify the length of time it can be kept for as it could be different in different situations:

https://ico.org.uk/for-organisations/guide-to-data-p...

I am not sure if it is applicable to personal data, but the European Union's Data Retention Directive also specifies that all telecommunications data in the UK is kept for a minimum of one year and a maximum of two years.
Standard User MHC
(sensei) Mon 26-Oct-15 19:12:26
Paddy Hack
[re: deleted]
 
An interesting development


Standard User deleted
(deleted) Mon 26-Oct-15 19:54:42
Re: Paddy Hack
[re: MHC]
 
The last thing TalkTalk needed is to be humiliated by a teenager. Unless he is being headhunted by them to be their next Chief Security Officer. smile
Standard User cheshire_man
(knowledge is power) Tue 27-Oct-15 08:03:57
Re: Paddy Hack
[re: MHC]
 
I wonder who his ISP is? grin

Tony
We have more and more laws, and less and less enforcement
Standard User bobble_bob
(fountain of knowledge) Tue 27-Oct-15 09:04:01
Re: Paddy Hack
[re: cheshire_man]
 
If he did it alone give him a job. One clever kid
Standard User ian72
(eat-sleep-adslguide) Tue 27-Oct-15 09:12:18
Re: Paddy Hack
[re: bobble_bob]
 
To be honest we don't know how clever.

DDoS is very easy and anyone can do it as all you need is a little bit of cash to rent a botnet.

As far as the hack itself we don't know how significant it was. And if the TalkTalk security was lax allowing for a simple SQL injection then it may not have taken much effort to do.

He could just be a script kiddie using simple well-publicised exploits. It may have been more than that but at this point I am suspecting it was poor security more than genius hacking.
Standard User Oliver341
(eat-sleep-adslguide) Tue 27-Oct-15 12:19:06
Re: Paddy Hack
[re: ian72]
 
Or he might have pretended it was him in order to make the ransom demand.

Oliver.
Standard User deleted
(deleted) Tue 27-Oct-15 12:44:17
Re: Paddy Hack
[re: Oliver341]
 
I blame school holidays.
Standard User PaulKirby
(fountain of knowledge) Tue 27-Oct-15 14:05:27
Re: Paddy Hack
[re: ian72]
 
What makes me laugh is this
The company said it did not know how much of their customer information had been encrypted.
TT should know exactly how much of the customer information is encrypted.

But yeah, SQL Injection is an evil thing LOL.

Paul
Standard User ian72
(eat-sleep-adslguide) Tue 27-Oct-15 14:30:59
Re: Paddy Hack
[re: PaulKirby]
 
Or more correctly the non-technical chief executive said she didn't know. This is either because she has technical staff that she employs to do it or it is plausible deniability. She doesn't need to know but she does need to ensure her employees are suitably qualified so that they do know.
Standard User MHC
(sensei) Tue 27-Oct-15 16:08:43
Re: Paddy Hack
[re: ian72]
 
Prior to going on air, she should have been fully briefed and, if it was not included, asked that question herself.


Standard User ian72
(eat-sleep-adslguide) Tue 27-Oct-15 16:11:22
Re: Paddy Hack
[re: MHC]
 
But that would remove plausible deniability. They may have considered it was better not to have the answer as saying you didn't know is better than saying you don't encrypt anything.
Standard User MHC
(sensei) Tue 27-Oct-15 16:19:30
Re: Paddy Hack
[re: ian72]
 
To me it suggests incompetence from the top down. Her advisers will have known the questions likely to come up; they should have asked them internally. Plus, there had been nearly two days from when it occurred until when the news broke. Had it been an hour then I could accept her lack of knowledge - but not with the length of time she had to prepare.


Standard User BuckleZ
(fountain of knowledge) Tue 27-Oct-15 16:38:31
Re: Paddy Hack
[re: MHC]
 
Why do you think it is OK to say 'paddy hack'? If it was a Pakistani kid would you post.... well? Wise up

Standard User BuckleZ
(fountain of knowledge) Tue 27-Oct-15 16:41:25
Re: Paddy Hack
[re: MHC]
 
Also you are aware that N.Ireland is part of the UK and not Ireland?....

Standard User keith969
(member) Tue 27-Oct-15 17:57:44
Re: Paddy Hack
[re: ian72]
 
She probably wasn't informed by her IT staff. Who knows who set up the website - them or an outside company? And if it was internal IT staff, were they competent enough to know they had not followed good security procedures? However she could have employed an external (read experienced) security consultant to test their security, but obviously didn't.