High-profile hacks: PAV i.t. examines security breaches at Yahoo and TalkTalk 

Figures have shown that SMEs are particularly vulnerable to cybercrime as they are seen as easy targets. But cyber criminals also like a challenge, which is why they will try to break into larger firms – with some even taking on government bodies like the CIA. These departments, along with global corporations, are expected to have the most sophisticated security systems in place to protect their data, so it undoubtedly makes headlines when they find themselves victims of online attacks. Yahoo and TalkTalk are two such firms which have recently made the news after hackers breached their systems. Such cases demonstrate how important it is to have the right protection in place and show how any business is at risk – even global multinationals.

The Yahoo and TalkTalk attacks

News of the Yahoo breach made headlines across the globe when it was revealed that data held on around 500 million users, around 8 million of them in the UK, had been accessed by hackers. The details the criminals got hold of included names, emails, phone numbers, dates of birth and unencrypted security questions and answers.

The attack happened in 2014 but the technology company only revealed details of it in September last year as the FBI confirmed it was investigating the breach. Yahoo users were urged to change their passwords if they hadn't done so since 2014.

Just a month later, in October, UK-based telecoms giant TalkTalk was handed a record fine for security failings that allowed a cybercriminal to access its customers' data "with ease". The Information Commissioner's Office (ICO) issued the £400,000 penalty after finding the attack in October 2015 could have been prevented if TalkTalk had taken basic steps to protect customers' details.

In its investigation, the ICO found the hacker had accessed the personal data of 156,959 customers, including their names, addresses, dates of birth and phone numbers and, worryingly, in 15,656 of these cases had managed to get hold of people's bank account details and sort codes. 

The hacker had used an SQL injection, in which an attacker feeds database (SQL) commands into a web page so that the database behind it runs them and hands over data, to breach TalkTalk's systems – an attack TalkTalk should have been able to guard against, the ICO said. In conclusion, the ICO said the company failed to have the appropriate security measures in place to protect the details it was responsible for.

The fallout

Both TalkTalk and Yahoo came under fire after news of the attacks emerged. Experts and commentators questioned how many users had been put at risk, and why it took the internet giant so long to confirm details of its hack, tell its users and prompt them to change their passwords.

Yahoo claimed the attack was carried out by "state-sponsored" hackers and said this kind of online intrusion has become "increasingly common" across the technology industry.

TalkTalk, meanwhile, apologised in the immediate wake of its attack and in a letter to customers said it took any threat to the security of clients' data "very seriously". The telecoms giant was criticised, however, as the October hack came after two previous attacks on the firm.

Lessons learned

Recovering from a cyberattack is a difficult process but there is some knowledge that can be taken from it – such as discovering where the weaknesses in your system are and how they can be strengthened. It is a safe bet to assume security experts at Yahoo and TalkTalk would have been asking the same questions.

Cybercrime can be devastating for a business and, as the above cases have proved, any firm is at risk, so it is imperative companies have the best safety systems possible in place. And for those who have unfortunately fallen foul of hackers, finding out how it happened can better prepare you for the future.

As technology and safety systems develop, hackers and fraudsters are coming up with ever more inventive ways of attacking companies and their data, so having the most up-to-date and robust policies in place is important to minimise risk and vulnerability.

At the same time, however, more basic systems must not be overlooked. As demonstrated by the TalkTalk attack, hackers will look for an easy way into systems, and if these routes are not covered they can be easily exploited.

PAV i.t.'s experts can help strengthen your existing security systems or put in place a bespoke protection package. To find out more call us on 01273 834 000 or complete our enquiry form.

Author: Jason Fry, Managing Director at PAV i.t. services

