Much has been said in the media about the recent attack on TalkTalk, and the worries that many people have about whether or not their bank accounts might be at risk.
That’s a legitimate worry, made worse by the confusing information that the company has given, first appearing to suggest that pretty much everything on all their customers may have been taken, and then that it wasn’t much really, and anyway they don’t care because it’s up to you to prove it was their fault if you want to leave your contract (I paraphrase, but they are, essentially, shrugging this off).
However, this isn’t necessarily just about finances. TalkTalk is one of the companies that has happily jumped on the internet censorship bandwagon that’s so heavily promoted by the current UK government.
And, as such, they force customers to choose whether or not their internet connection should be filtered. Choose filtering, and let TalkTalk decide what’s good for you, or be unfiltered – it’s your choice. But the company needs to keep a record of that somewhere.
It’s not clear whether or not that information was included in the “TalkTalk account information” that they acknowledged may have been taken, and I don’t suppose they’re going to be forthcoming out it.
But this is an important point, not just for TalkTalk but for all the ISPs that may be attacked in this way in future. Not only is your financial information at risk, but also your censorship choices.
I’ve written before about this, most recently after the Ashley Madison hack – you are on a list. That list will escape into the wild at some stage, whether by hacking, or by leaking, it doesn’t matter. You might be comfortable with people knowing that you are on the “porn list”, or you might argue that it’s a principled stand you’re taking against censorship.
Some people, though, are going to be “dismayed” or “disappointed” to find that you have smut available on your computer. In some of the circumstances I’ve talked about before, that could cause real problems, with jobs or family.
By forcing ISPs to record this sort of information about their customers, the government is providing yet another piece of data that some will be all too keen to get their hands on, and creating more ways in which data breaches of this type can ruin lives.