Id guess a smaller ISP is less prone as they wont be on someone hackers radar compared to a big company like Talk Talk

I think I would answer no to both those questions.

You won't get detailed information on how ISPs store customer data as part of security is not telling people how you do it. If enough of these happen ISPs might start giving a bit more info but I doubt you will ever get enough to properly compare them.

Budget ISPs aren't necessarily more open to hacking. A lot of the technologies needed to secure data adequately could be done relatively cheaply and should be built into the initial design. However, security has often not been considered properly when designing systems and so many IT systems have wide open security holes and the people running the systems may not know they are there (indeed some protocols that have been around for decades have been getting updates recently because people have discovered flaws that went unnoticed before).

The question was budget ISP rather than smaller. So, TalkTalk are a well known, large, budget ISP. They will be an obvious target because of the size of the customer base but I don't think being a budget ISP was a specific issue here (especially as they have plenty of other areas of their business where they can profit so it isn't as if they don't have the money).

I reckon its only a matter of time before 1 major bank is caught up in a major security breach. Im sure their systems are super tight and secure, but hackers always seem to be 1 step ahead

One wonders if BT could be a target too. Who knows how they keep their data, but they certainly have a lot of people paying by DD so bank account details etc. In fact it goes with any company that you give your details to - energy, water, phone, banks, you name it.

They may have been already, but a lot of companies don't like announcing security breaches. Especially banks.

Seems to be a shift this last few years in who is targeted. Before it was individual users with viruses and malware but as home users are more savy now with security, seems to be larger organisations that are targeted. And as seen recently, far too many dont have the security procedures in place they should

Thanks.

I was thinking about what security expert professor Peter Sommer said this morning to Today:

"Good practice says you ought to encrypt your data. The problem for these companies is staging their investment. They are constantly acquiring new customers, they are providing new services, the customers themselves want more facilities.You can quite see a situation in which, for straightforward commercial reasons a company decides to delay a little bit putting in an upgrade, it then has difficulties with the upgrade, it doesn't think about the changed security environment - hackers are using new techniques all the time - and that's the decision they have to make. It looks as though they have made some rather unfortunate decisions."

But I guess that can apply to any ISP not just the budget ones.

Edited by deleted (Fri 23-Oct-15 14:55:51)

Agreed, there should be a legal requirement for companies who keep senitive data about their customers to keep it secure. Though I doubt it would ever be enforced; who would the enforcers be?

TalkTalk customer data was stolen as recently as February of this year: http://www.bbc.co.uk/news/technology-31656613

They seems to have a history of this now.