UK ISP TalkTalk is reeling once again after it emerged that three call centre workers in India were arrested on suspicion of using customer data to commit fraud.
TalkTalk claimed in a statement on Wednesday that it has been working with outsourcer Wipro and local police in Kolkata following a “forensic review” it launched after the October 2015 data breach.
It continued:
“Acting on information supplied by TalkTalk, the local Police have arrested three individuals who have breached our policies and the terms of our contract with Wipro. We are also reviewing our relationship with Wipro.
We are determined to identify and deal effectively with these issues and we will continue to devote significant resource to keeping our customers’ data safe. Data theft and scams are a growing issue affecting all businesses and they are notoriously difficult to investigate and prosecute. We are pleased that our investigations have yielded results, and will continue to do everything we can to tackle these crimes.”
According to Channel 4, the follow-up scams defrauded customers to the tune of thousands of pounds.
Eset security specialist Mark James warned that an element of third party risk is an unavoidable consequence of outsourcing.
“Some are good of course, some work out, but let’s be honest, far too many get a bad name and actually damage our relationship with the supplier,” he told Infosecurity.
“All you can do is set your expectations, lay your ground rules and hope they abide by them. Sadly when things go wrong we don’t look and blame the call centre, it’s the first line supplier that takes the blunt end of the blame stick, and rightly so.”
It’s not just Indian outsourcing firms that can present a risk to their client companies.
In March last year Natwest employee Matthew Parkhouse was jailed after tricking customers into divulging their card details over the phone and then making tens of thousands of pounds worth of payments into his account.
Photo © tantrik71/Shutterstock.com