TalkTalk won't waive exit fees

Credit: chrisdorney/Shutterstock.com

Last week's attack was the third in a year, a fact that has shaken the confidence and trust of some TalkTalk customers.

Over the weekend there was talk that the ISP were considering requests to leave without facing early termination fees, on a case by case basis.

But they've now said that customers wanting to end their contracts early will have to pay the fees, unless they've had money stolen "as a direct result of the cyber attack".

People who think they qualify for the "gesture of goodwill" must report the fraudulent transactions to Action Fraud UK, obtain a police crime reference number, and write to TalkTalk (address below).

Vigilance, again

Note TalkTalk's mention of any theft being as a "direct result" of the breach. Customers who are conned into giving out their banking or card information will have no redress.

This is the same position TalkTalk took earlier this year, when they revealed that information including addresses, phone and account numbers had been stolen.

That information was then used by thieves to pose as TalkTalk employees; in some cases they simply convinced the customers they called to pass on their bank details, while in others they persuaded people to download software to steal those details for them.

Some people lost thousands of pounds.

But TalkTalk have been unsympathetic, saying that no bank details - or the ability to access those details - were obtained from them.

Similarly, the Financial Ombudsman Service have had to warn people that their banks often aren't liable for fraud by vishing.

Smaller than feared

Over the weekend TalkTalk said the attack was smaller than they had first feared. No account passwords were stolen - so criminals can't use those to access their information - and if any financial details were lifted, they were incomplete.

In a statement the ISP told customers that the details of any credit or debit cards stored on the site were at least partially protected, with "a series of numbers hidden... eg '012345xxxxxx 6789", and could therefore not be used for financial transactions.

On Monday, however, they admitted that bank details, including sort codes and account numbers, "(as you would find printed on a cheque) may have been accessed".

They say that anyone wishing to take money from an account would need to have more information than that, and "even then, the chances are very small indeed".

The chances, therefore, of someone still under contract with TalkTalk being allowed to leave without having to face termination fees, or at least getting them refunded, also look small.

...or maybe not

What's more, some former TalkTalk customers who contacted the ISP to find out if they could be at risk have been told that their details aren't deleted when they leave.

A spokesperson for TalkTalk told the Telegraph: "There is a risk and a chance that some previous TalkTalk customers' details were stored on the website. At the moment we can't rule it out."

The ISP have said that if they discover that any former customers have been affected by the breach, they'll get in touch with them, and say anyone with any concerns should contact them.

At least people in this somewhat uncomfortable situation have access to some of the same credit reference services as existing TalkTalk customers are being offered.

Free alerts

When TalkTalk first revealed the breach, they said they would be arranging a year's free credit monitoring for their customers.

In the meantime they were directing people to Noddle, the smallest of the three main credit agencies - and the only one to offer free credit reports for life.

Experian and Equifax are larger, and are used by more companies for credit checking purposes, and that's reflected by the greater amount of information they have access to.

Noddle's credit reports may not be as exhaustive, therefore, but they are at least available free of charge, for everyone who signs up.

Source: Noddle.co.uk

On top of the free credit reports, then, TalkTalk customers are being offered a year's free subscription to Noddle Alerts, which usually costs £20 per year.

When the Alerts service is activated, users receive an email telling them when "anything significant" changes on their credit report - and when they log on they'll see a credit report reflecting that change.

Basically, the alerts service does some of the work for us - instead of having to go back and check each part of our record each month to make sure nothing unusual has appeared, Noddle will report to us the moment something new happens.

It can't stop fraud from happening - but it will at least make us aware if fraud is being attempted using our information far more quickly.

How to claim

People who believe they've had money stolen from their accounts as a result of the attack should report the incident to Action Fraud UK using this link.

Once they have a police crime reference number, they should write to TalkTalk at the following address:

Crime Notification
The Legal Department
TalkTalk Group
P.O. Box 346
Southampton
SO30 2PW