The dust hasn’t even settled on the TalkTalk breach and we are already seeing another TelCo compromised, this time in the form of Bluebox Broadband.
According to the BBC, the Northern Irish company was hacked into sometime before Thursday of last week and names, email addresses and phone numbers – but no financial details – were published on an unknown forum from which they have now apparently been removed.
The Police Service of Northern Ireland’s cyber-crime unit was promptly informed.
Scott McClelland, the firm’s managing director, said the personal data had been swiped from a server used to record online interest in Bluebox’s services, despite the fact that the company reportedly has strict data protection policies in place.
Whether that is correct or not will soon become apparent as the Information Commissioner’s Office has been made aware of the incident and is currently ‘making inquiries’.
Talking to the Beeb, McClelland, who said the firm became aware of the breach on Friday, added that:
“At Bluebox we have always taken security very seriously and this incident is the first time anything like this has ever occurred in the 10 years since we began providing internet services.
“While no significant customer information has been exposed, we will be working with independent experts to learn lessons and take all steps necessary to prevent anything like this happening in the future.”
Bluebox says it has contacted all affected customers and apologised.
Hopefully it has also offered them some helpful advice, such as changing their passwords and ensuring they are not using the same login details for any other online accounts they may have (sadly, that does happen, and all too often).
And, while the limited amount of data that has been leaked is unlikely to pose any direct risks to Bluebox customers – it isn’t enough to commit identity theft, for instance – it may be sufficient to create targeted phishing emails, so I would advise anyone affected to be on their guard in the near future, and to think very carefully before clicking on any links that appear to be from the company.
Equally, I would also advise you to be on your guard against phone calls purporting to come from Bluebox – if you have any doubts as to the identity of the caller, do not be afraid to hang up and then call the company back on an official phone number taken from a statement (preferably using a different phone, as there are some scams in which a caller can stay on the line long after you hang up).
It is currently unknown who perpetrated this attack but, given the events surrounding TalkTalk, I would not be surprised if it was carried out by one or more younger people.
As for Bluebox, let’s hope its incident response plan is a little more… effective… than that demonstrated by TalkTalk – I don’t think Twitter could handle another Dido Harding episode!