Talk talk. Don’t bother
At my request, I was called the other day by someone (“Laura”) from the Talktalk chief executive’s office. I had complained that, through apparent negligence, Talktalk had allowed my personal financial information to be hacked by criminals not once, but three times in the past year.
Her call (which she made at 7:10pm, a tad late in my book—explanation, she was working on a late shift; but I wasn’t) was intended to reassure me that, actually, it was alright because my personal financial details hadn’t been obtained by the hackers (who are, apparently, legally minors).
Whilst she said that the same “reassurance” was available on the Talktalk website, I felt that a bit of external verification was in order, so I asked her to give me the URL of a webpage belonging to an independent news organisation (for example, The Guardian) which reported this fact.
She wouldn’t and, more importantly, couldn’t do that.
If I were in her shoes and had prepared for this call (which I am sure was repeated across many other disgruntled Talktalk customers), the first piece of information I would have found was the location of some independent corroboration of what I said. So, to be honest, I don’t believe Laura, on the grounds that she is not in a position to know one way or the other whether my data has been stolen or not. She is just parroting text she has been told to say. She may be right, but there is no evidence, one way or another.
Back to the future
This is just a mini version of the situation, at a press conference on 23 October given by Dido Harding (chief executive of Talk talk) who, when
“asked by the BBC whether customers’ bank details had been encrypted by TalkTalk, she said: ‘The awful truth is, I don’t know’.” (Guardian)
Let’s unpick this.
Firstly a small point to Ms Harding for honesty.
Let’s assume she was telling the truth when she said she didn’t know, at the press conference, whether the personal and financial data of her customers had been encrypted or not (despite the event happening some days previously).
I guess you can say that the CEO of a corporation might be expected not to know if the personal and financial details of its customers are encrypted or not. Personally, I would call that incompetence but there you go.
If she didn’t know, is this not the first question she should have asked her IT manager the second she was aware of the breach, however technically illiterate she was? After all, if the data is encrypted, it is likely to be unreadable, and the problem essentially goes away. No one expects organisations like Talktalk not to be attacked; the issue is whether they have put in place enough safeguards to stop personal data (and, indeed, their data) being used.
So, the question is, did the IT manager know? Presumably not. (Had he known, it seems unlikely he would not have passed on the information to a grateful Ms Harding.)
Between Ms Harding and her IT manager, one would have thought it was possible to arrive at a conclusion one way or the other whether the data was encrypted or not. Even if it meant asking a junior programmer. And even if it meant spending more than ten minutes on finding the answer to the question.
I am left completely at a loss as to why Ms Harding didn’t know the answer to the most obvious question that a news conference would raise.
Apparently (according to Laura), Ms Harding makes inspiring speeches. That is an essential part of being a CEO, to be sure. But either failing to understand what the key issues are in a situation such as this, or simply being uninterested in them, shows a woeful lack of judgement which won’t see me rushing to buy Talktalk shares in the near future.
The interesting thing is that Laura was told to tell me that international experts (she wouldn’t name them) from around the world had concluded that the data had been encrypted all along. She wouldn’t refer me to any papers or other documents that had been produced (perhaps understandably). But nor would she refer me to any independent documents reporting this. Nor would she explain why the IT department was unaware of this.
So, I choose not to believe it.
Postscript
In his excellent book, The corporation, Joel Bakan writes,
As a psychopathic creature, the corporation can neither recognize nor act upon moral reasons to refrain from harming others.
Although my contract with Talktalk has expired, Talktalk has said that those of its customers, who rightly distrust Talktalk’s ability or interest in preserving their personal and financial data and whose contract hasn’t expired, will be financially penalised if they now choose to terminate their contract early. (This was confirmed by Laura.)
This is a perfect example of what Bakan is saying. Talktalk has a moral obligation to allow customers who have—understandably—lost trust in this service provider to leave without penalty, even if the contract states it has a legal right to make a charge.
However, as Bakan says, it cannot recognise that moral duty because its primary (indeed its only) duty is towards itself.
Given this behaviour, the remaining Talktalk customers, of whom I am no longer one, have no option but to hope the next cyber attack isn’t more successful.
© 2015 Jeremy Marchant Limited