TalkTalk suffered a serious attack on its website on 22 October and just a fortnight later, Vodafone experienced a similar hack. They are just two in a long list of companies which have had their websited hacked, including ebay, Sony and Mumsnet, and from which customer details have been stolen. Here are some tips on staying safe even if one or more of your online accounts are hacked.
Update 4 December: It has just come to light that Wetherspoons - the pub chain - was hacked back in June 2015. Its customer database was accessed and the details of over 650,000 customers may have been stolen. It includes names and email addresses. Only 100 customers had card details stolen, and it was only the last four digits of the long number. No passwords were contained in the database, but you should watch out for phishing emails and other scams. See below for potential scams to watch out for.
See also: Best free antivirus software
There's little you can do to prevent your account being hacked, of course. You have to rely on the security put in place by the companies and services of which you're a customer. However, if a service offers two-factor authentication you should enable it. Two layers of security are common with online bank accounts, but other services offer it as well, including Google. Such authentication can be a hassle, but it's worth it to keep your account more secure.
Change your password
The first course of action if you get wind of a company's site being attacked is to log into your account - if you can - and change your password. This will stop anyone who has your login details from continuing to access it.
Here’s some advice on how to choose a strong password. You can also use a password manager which will generate a strong password and enter it each time you visit that site. A good password manager will work on all your devices, from PC to phone to tablet.
It’s crucial to use different passwords for all your online accounts because if hackers get hold of your email address and password, they can try using those credentials to access Gmail, Facebook, plus other banks and services.
Monitor your bank accounts
Following a hack where you suspect your financial details have been compromised (a rare occurrence, but it can happen) watch out for small transactions you can't explain. Criminals can often try to transfer a few pounds to see if it’s possible, and also because they can go unnoticed.
If you do see any unusual activity, contact your bank and also Action Fraud UK (0300 123 2040).
Watch out for scams
Once a hack is public knowledge, others criminals will look to capitalise on it by using scams and phishing attacks to try and extract personal information from the company's customers.
They’ll do this by emailing or phoning and pretending to be from the company that was hacked. They might ask for your bank details, login details or any other personal information. Few companies these days will ask for bank details over the phone, so be very suspicious if they do so.
If anyone calls and asks for information, it’s best to call them back from a different phone (a mobile phone if they call on a landline, say) and use a number you know is genuine. Don't simply call the number they give you over the phone.
In emails, be wary of clicking on links as they can take you to fake websites which look genuine but are just a way to entice you to type in your login details which are sent straight to the hackers. Such emails are beginning to get very convincing, with plenty of Just Eat customers falling for a genuine-looking survey email which promised to enter participants into a competition to win free account credit.
Instead of clicking suspicious links, type in the address of the main website in your browser. Any page which asks for sensitive information should start with https:// - if it doesn't don't enter your details. And if you can't find details of the competition or unbelievable offer, it's probably because it doesn't exist.
See also: Security advisor
Special insurance policies are beginning to be offered which protect you against loss from online transactions. One is Phishield, which offers policies from £24.99 and covers card fraud, online shopping, phishing scams and more.
TalkTalk hack: the details
The personal details of 156,959 customers were accessed in the hack. All but 303 of those had bank account numbers and sort codes stolen. 28,000 credit and debit card numbers were 'obscured' and 'orphaned' so not only were the full numbers not accessible, but the details couldn't be paired up with customers.
The investigation has shown that the scale of the attack was much more limited than previously thought, with only 4 percent of customers at risk of sensitive personal data being accessed.
TalkTalk has said that the financial information stolen cannot on its own lead to financial loss - it's the same information you'd find on a cheque - and that all affected customers have been contacted. It has also stressed that it will not call any customers (or otherwise contact them) about the hack, nor ask for bank details or any other personal or financial information. If anyone calls you asking for this, assume it is a scam and hang up. See below for more advice on how to stay safe.
Currently, no customers can manage their accounts online via My Account because of the hack. You can find out other ways to do this and also the latest information about the investigation on TalkTalk’s website.