Executives at TalkTalk, including CEO Dido Harding herself, may face a grilling from Members of Parliament over the shoddy security practices which led to the theft of than a million Britons' data from her company.
This morning the Culture, Media and Sport Committee announced it had "launched an inquiry into cyber-security following the recent attack on TalkTalk's website."
The inquiry will be titled "Cyber security: Protection of personal data online inquiry" and follows confusion at TalkTalk as to how many customers' details had been lost, and how dangerous such a loss might be to those customers.
The Register understands the committee is fully booked for November. It is not known whether Harding is expected to provide testimony, but it would be unusual for such an inquiry not to request an audience with the company's CEO.
The extraordinary range of contradictory comments offered publicly by Harding following the attack has focused the inquiry on the "questions and concern [arising] over the ways companies store and secure information about their customers."
"TalkTalk has already been subject to two previous attacks this year," the committee noted, "in light [of which the committee has decided] to hold an inquiry into the circumstances surrounding the TalkTalk data breach and the wider implications for telecoms and internet service providers."
The Committee is interested to receive views in response to the following areas.
- The nature of the cyber-attacks on TalkTalk’s website and TalkTalk’s response to the latest incident
- The robustness of measures that telecoms and internet service providers are putting in place to maintain the security of their customers’ personal data and the level of investment being made to ensure their systems remain secure and anticipate future threats
- The nature, role and importance of encryption in protecting personal data
- The adequacy of the supervisory, regulatory and enforcement regimes currently in place to ensure companies are responding sufficiently to cyber-crime
- The adequacy of the redress mechanisms and compensatory measures for consumers when security breaches occur and individuals’ personal data are compromised
- Likely future trends in hacking, technology and security
The inquiry page is located here, and those wishing to submit written evidence to the committee must do so by Monday 23 November. ®
The Register has created a timeline of TalkTalk's contradictory comments following on from the initial announcement of a website outage.