The article below about the TalkTalk data loss in the autumn/winter last year is worth highlighting because it shows up the risks of third party suppliers of not having their own protective systems (and contracts) in place. The data loss does not seem to be very widespread or of particularly sensitive data but has opened up customers to scammers posing as TalkTalk on the phone, trying to get the customer to divulge more sensitive information about bank details etc. The really interesting bit to me is that TalkTalk appear to think that the problem arose through a third party contractor with the right to access the TalkTalk systems, so creating the vulnerability that the hackers exploited, and that they are taking legal action. That could be for negligence or something else. It would be interesting to hear the thoughts of that contractor now on what they would have wanted to do with hindsight either to their levels of protection in IT security terms, or to their contract with TalkTalk in terms of the liability issues.