Today TalkTalk, a major telecommunications company providing pay TV, Internet, and mobile phone services to several million customers in the UK, has announced that yesterday, 21 October, there was “a significant and sustained cyberattack on” [their] “website”. As a result, TalkTalk considers that “there is a chance some customer data may have been compromised.”

That customer data may include:

• Name
• Address
• Date of Birth
• Email address
• Telephone number
• TalkTalk account information
• Credit card details
• Bank account details.

But surely, if any personal information like that could possibly have been accessed through a website entry, it was all well encrypted?

TalkTalk says: “Not all of the data was encrypted.”

Ah. So TalkTalk was happy to expose unencrypted personal data like that to a public web server?