New details from an ongoing investigation into the cyber attack on British telecommunication company TalkTalk reveal the hack is less serious than originally thought.
The company reported a "major criminal cyber-attack" Thursday, claiming it could "potentially" affect all of its four million customers. Investigators from TalkTalk and the Metropolitan Police Cyber Crime Unit reported Saturday, however, the security breach was limited to the surface website and not its core systems, where most private data is stored.
"We can confirm that we do not store complete credit card details on the website," the company said in a statement. Password information has also remained safe, it said, ensuring hackers currently do not have access to bank accounts.
TalkTalk CEO Dido Harding revealed Friday she received an email from the alleged hacker demanding a ransom after the attack, but the sender's identity is still unknown.
"It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," Harding told the BBC. "All I can say is that I had personally received a contact from someone purporting...to be the hacker looking for money."
Despite the encouraging report from authorities regarding the amount of data exposed from the cyber-attack, customers are still encouraged to take appropriate precautions to ensure their identities remain out of hackers' hands. All current and former TalkTalk customers are encouraged to watch their bank accounts closely in the coming months and report any suspicious activity to the police.
This attack is the third recent data breach TalkTalk has experienced. In August, data from its mobile sales site had been subject to exposure. In February, a similar large-scale attack affected customers' names and account numbers.
"Unfortunately, cyber crime is the crime of our generation," Harding said in a BBC interview this week. "Can our defenses be stronger? Absolutely."