Cyber Incident Victim: TalkTalk Group
Date: Nov 2016
Location: United Kingdom
Summary
A cyber-attack using a modified Mirai worm disrupted internet access for thousands of customers of a UK telecommunications provider and the Post Office, targeting vulnerable routers such as the Zyxel AMG1302 model. The incident caused widespread outages, affecting approximately 100,000 Post Office users and an unspecified number of the company's subscribers, mirroring similar disruptions impacting Deutsche Telekom customers. Service providers confirmed that no personal data or devices beyond the routers were compromised, identified the malware source, and implemented fixes requiring router reboots while enhancing network protections. Security experts warned that, once routers are breached, the attack methodology could extend to other connected devices such as web cameras or smart TVs, highlighting broader risks from Mirai-based exploits against Linux-based hardware.
Description
In late November 2016, a cyber-attack disrupted internet services for thousands of customers across multiple internet service providers (ISPs), including TalkTalk and the Post Office in the UK. The incident began on November 27, 2016, when the Post Office confirmed approximately 100,000 of its customers lost internet connectivity due to compromised routers. TalkTalk acknowledged simultaneous disruptions for an unspecified number of its users. This followed a related attack earlier in the week against Deutsche Telekom in Germany, which impacted up to 900,000 customers. The attackers deployed a modified variant of the Mirai malware, a worm known for targeting Linux-based networking equipment by exploiting known vulnerabilities. Specific router models, including the Zyxel AMG1302 used by the Post Office, were identified as vulnerable to this attack vector. The malware caused routers to malfunction, rendering them unable to provide internet access.

Both TalkTalk and the Post Office initiated response measures upon detecting the outage. They traced the issue to the Mirai-based attack and implemented technical fixes, advising affected customers to reboot their routers to restore functionality. The companies emphasized that no customer personal data or devices beyond the routers were compromised during the incident. Kcom, another UK ISP using the same Zyxel router model, reported similar disruptions but confirmed most customers had regained connectivity after network-level protections were applied. Security researchers noted the attack highlighted risks associated with vulnerable consumer routers, warning that compromised routers could serve as entry points for further attacks on connected devices such as webcams or smart TVs. The incident underscored pre-existing concerns about Mirai’s adaptability, as security experts had previously documented vulnerabilities in these routers that were exploited during the attack.
