TalkTalk shares drop 10.7% despite research that breaches don't cause drops

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.theregister.co.uk/2015/10/23/talktalk_shares_drop/

Shares in TalkTalk dropped by 10.7 per cent this morning after the company
released a statement admitting that a "cyber attack" may have exposed the
data of its four million customers.

TalkTalk is contacting all of its customers following what it called "a
significant and sustained cyber attack" and intends to offer them free
credit monitoring for a year to mitigate their exposure to identity thieves.

Despite these attempts at remediating the breach, London-listed shares in
TalkTalk had dropped "as much as 9.5 per cent in the early minutes of
trading on Friday," reported (£) the Financial Times, which continued that
they "have fallen almost a fifth this week."

The share price drop is unusual and exceeds that experienced by Carphone
Warehouse earlier this year, when its shares opened 1.7 per cent lower on
Monday than they had closed on the Friday preceding its weekend confession.

An article published in the Harvard Business Review earlier this year
claimed that data breaches "don't hurt stock prices" due to shareholders
lacking "good metrics, tools, and approaches to measure the impact of cyber
attacks on businesses and translate that into a dollar value."

The HBR noted how, despite the enormous scale of a data breach at JPMorgan
Chase last year, in which the megabank had exposed the details of 76
million households and seven million small businesses, the company's stock
prices had remained stable – indeed, had actually begun to rise by the
beginning of the following month.

TalkTalk, which has only four million customers who may have been affected
by the cyber attack, has formally notified the Information Commissioner's
Office about the breach. The ICO has stated that it is "aware of this
incident, which was reported to us on Thursday afternoon. We will be making
enquiries and liaising with the police."

The telecommunications company has continued to confuse many onlookers by
stating that the customers' data may have been compromised via a
Distributed Denial of Service (DDoS) attack which had targeted the
company's website, despite this being technically impossible.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!