Embattled telco TalkTalk, under fire for losing four million customers' data to an apparent hack, was hiring an information security officer just seven days ago.
Following TalkTalk's announcement of the data breach, which it bizarrely attributed to a Distributed Denial of Service Attack directed at its website, the company made confessed that it had been storing its customers' information in an unencrypted format.
This may have been due to some personnel shortages at the telco, with an advertisement for an information security officer going up just seven days ago.
The telecommunications company stated it was "seeking a skilled and highly experienced Information Security Officer to assist with the on-going programme of work to define, promote, achieve and maintain compliance with TalkTalk Information Security Group Policies with a view to reducing the risk of information security compromise."
Earlier today TalkTalk's chief executive, Dido Harding, apologised for the company's lax security practices. Concerns have been raised about the telco's website being non-compliant with PCI-DSS requirements, potentially leaving customers' card data accessible to cybercriminals.
TalkTalk is yet to confirm specifics regarding the attack. It has, however, begun emailing customers its official response:
TalkTalk have (finally) emailed customers pic.twitter.com/iZ6bZEdtRQ— James Ball (@jamesrbuk) October 23, 2015
The Register has created a timeline of TalkTalk's contradictory comments following on from the initial announcement of a website outage.