Cyber-hacking victims' fury as they are charged £245 to leave TalkTalk and calls grow for boss to step down

TalkTalk customers targeted by cyber-criminals reacted with fury last night after being told they will be fined hundreds of pounds for cancelling their accounts.

One customer concerned about security was warned she would have to pay a £247 penalty to be released from her contract.

‘It is appalling,’ said Dawn Palmer, 50, an educational manager from Leigh-on-Sea, Essex, who has received 50 calls from impostors claiming to be from TalkTalk over the past six months.

Scroll down for video 

TalkTalk boss Dido Harding, pictured, is facing calls to resign over the hacking scandal which hit her company

Customer Dawn Palmer, pictured, received 50 calls from impostors claiming to be from TalkTalk

TalkTalk has been criticised for threatening customers they have to pay to leave their contracts early

‘They said my account doesn’t run out until July 2016 so I’d have to pay an early-leavers’ penalty.’ Her sentiment was echoed by hundreds of others whose personal details were compromised.

As the telecom firm’s chief executive Dido Harding faced calls to quit last night, customers took to social media to register outrage after their bank accounts were emptied following the attack.

TalkTalk last night insisted that its website rather than its computer servers were targeted and that no credit card details are stored on the website. It did not deny that the hackers were, however, able to access bank details of customers.

Asked whether customers should be compensated rather than penalised, Baroness Harding, who pledged to clean up the web from hackers after her elevation to the House of Lords last year, said: ‘It is too early to start thinking about generic principles of compensation.’

Consumer watchdog Which? insisted customers should now be compensated, stressing: ‘No one should lose out as a result of this breach’, while the Information Commissioner’s Office questioned whether TalkTalk acted fast enough to tell customers about Wednesday morning’s attack.

Labour’s Shadow Minister for Policing, Jack Dromey, said: ‘She should now consider her position,’ he said. ‘To put four million customers at risk is something TalkTalk should be ashamed of.’

Harding, who went to Oxford University with David Cameron, said in a TV interview yesterday the amount of financial details accessed was ‘materially lower’ than initially thought. But it did not stop questions about ignored warnings and why the firm was left vulnerable to what experts described as a ‘simple hacking trick’. A former IT worker with the firm told The Mail on Sunday that he repeatedly raised security concerns with his bosses. ‘I told my manager, my senior manager and my head of department,’ he said. ‘But they never did anything about it.’

He said the cyber-attack in August on Carphone Warehouse, which used to own TalkTalk, should have ‘rung alarm bells’. He added: ‘Their system has the same origins, so I can’t see how they couldn’t have known the dangers. From day one I could see everything on it. That would include a customer’s name, address, account history, bank details, even the security code on the back of their debit card.’

TalkTalk last night insisted that it had not received ‘conclusive evidence’ that any of its customers had lost out financially because of the attack. ‘It’s still too early, we are investigating,’ said a spokeswoman.

Of the penalty fines on leaving contracts early, the company said: ‘Because we do not know which customers are affected we cannot make a decision on cancellation fees.’

All the major banks contacted by this newspaper said they were working with TalkTalk to ensure their customers’ accounts were not affected by the hacking and advised customers to watch out for any suspicious activity on their accounts.

It was still unclear last night who was behind the attack, though it is now thought less likely to be the work of Islamic extremists with experts suggesting that Russian cyber-criminals might be responsible.

‘My personal take is that this could be part of a wider pattern of activity encouraged or even supported by the Russian state as part of an effort to destabilise the West,’ said Ewan Lawson, a cyber-security expert at the Royal United Services Institute.

Jens Monrad, from the cyber-security company FireEye, said the data stolen in the TalkTalk hack could have been sold days ago, perhaps before the breach was made public. He said: ‘These hackers will want to sell it on as soon as possible so that customers don’t have time to change their passwords.’

Harding’s husband, Tory MP John Penrose, speaking at their Somerset home yesterday, said she was working ‘incredibly hard’ at TalkTalk’s West London HQ this weekend. ‘She feels that the captain should be on the bridge of the ship right now,’ he said. 

Couple who lost £8,000 savings after impostor pretending to be TalkTalk employee hacked their bank account

By SANCHEZ MANNING

Barbara and Harold Manley, a retired engineer, had nearly £8,000 stolen after someone posing as a TalkTalk employee hacked into their bank account. 

The impostor called the couple, both in their 80s, on Tuesday – the day before TalkTalk claim the hack took place – telling them that the internet connection at their Kent home was faulty.

He then told them that because this problem was TalkTalk’s fault, it needed to credit their account with £200. 

Harold Manley and his wife Barbara lost their life savings of more than £8,000 in the TalkTalk scam

It is still not clear who was behind the hack on TalkTalk's website, although Russian criminals are most likely

But when Mrs Manley, 82, a retired nurse, checked her bank account it looked like she had an extra £5,200. 

She told the man posing as a TalkTalk employee that she had been overpaid and wanted to return the money – to which she was told to pay back £4,900 following his instructions.

Two days later she discovered this sum plus a further £3,000 had been taken from her account. 

The couple’s daughter Sarah said: ‘All TalkTalk did was offer them free phone calls and a freeview box. Shame on TalkTalk – that money was what my parents live on.’

Hilary Foster, a barristers’ practice manager from Surbiton, Surrey, said she discovered on Friday morning that her account had been targeted by the cyber-hackers. ‘It’s outrageous that TalkTalk didn’t tell me about the risk earlier,’ said the 43-year-old.

‘They’ve known since Wednesday and I only found out this morning when I checked my account. I’ve lost more than £600 and been left overdrawn. The first question my bank asked me when I called them to report it was whether I was a TalkTalk customer.’