TalkTalk announced that it has been the target of a data breach—its third such attack this year. Details are sketchy because the investigation just began and is still ongoing, but in a worst-case scenario it’s possible the attackers have accessed the entire customer database—compromising sensitive data on up to 4 million customers. TalkTalk also revealed that somebody claiming to be responsible for the hack has contacted the company with a ransom demand.

A website has been set up by TalkTalk to share the few details that are available so far. It opens with, “We are very sorry to tell you that yesterday a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber-attack on our website on Wednesday 21st October.”

TalkTalk says the data that may be compromised includes customer names, addresses, dates of birth, email addresses, telephone numbers, TalkTalk account information, and even credit card and bank details. The broadband provider is working with authorities and cybercrime experts to investigate the breach, and reaching out to customers to inform them their personal data may be compromised. It is also offering the standard, all-but-obligatory free year of credit monitoring for all affected customers.

A report from Reuters states that TalkTalk has also received a ransom demand. It doesn’t specify the demands, but I assume the payment would be in exchange for not publishing the data publicly on the Web or possibly for not selling it on the cyber black market.
TalkTalk CEO Dido Harding is quoted by Reuters saying, “It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker.”

“Data thieves sell this information to aggregators, who cross-reference and compile full identities—called ‘fullz’ on the data black market,” explains Ryan Wilk, director with NuData Security. “This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches.”

Wilk says that criminals armed with this kind of personal data are a serious threat. Fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road.

Andy Heather, VP of EMEA for HP Security, warns, “The theft of financial information, credit card or account information, has a limited lifespan, until the victim changes the account details etc., but the personal information that can be obtained by accessing someone’s account profile has a much broader use and can be used to commit a much wider range of fraud and identity theft, and simply cannot be changed.”

The breach is unfortunate and it’s easy to view TalkTalk as the ill-fated victim.
It is undeniable that TalkTalk is a victim of some sort of cyber-attack, but like most companies that have data compromised by attackers, there’s most likely more that should have been done to protect the data and prevent the breach.

“Clearly there are questions in the case of this breach, as to what mechanisms were put in place to protect the data hackers came after; perhaps too much focus was put on perimeter security and detection of threats, rather than focusing on better protecting what assets attackers would be coming after in the first place,” suggests Richard Cassidy, technical director of EMEA for Alert Logic.

HP’s Heather agrees that too many companies still focus on protecting a “network perimeter” that—for all intents and purposes—doesn’t really exist anymore. “If data is left unprotected, it's not a matter of ‘if’ it will be compromised—it's a matter of ‘when’. Even the best security systems in the world cannot keep attackers away from sensitive data in all circumstances. When a company is storing sensitive information about their customers, the risk is to the data itself.”

Cassidy added, “Fundamentally it is safer to assume that we will be a target of an attack (and in many cases an advanced threat) and look at the problem from the inside out.”

That seems to be the takeaway in data breach after data breach. If the data itself were better protected, it wouldn’t matter whether attackers could infiltrate the network or compromise the servers it’s stored on. Instead of trying only to block attackers or prevent compromise, companies need to start from the assumption that those things have already happened and focus on protecting the data and detecting suspicious activity on the network.
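One concrete form of the “assume breach, watch the data” approach the closing paragraph argues for is to audit who reads customer records and alert when a single principal pulls far more distinct records than any normal workflow needs, since a whole-database export looks nothing like a support agent looking up one account at a time. The script below is an added illustration written for this article; it is not TalkTalk’s code or any vendor’s product. The log line format (`timestamp principal customer_id`), the principal names, the threshold of 100 distinct records in a 10-minute window, and the sample log itself are all constructed for the example.

```python
"""Assume-breach detection: flag bulk reads of customer records.

Added example (not from the article or TalkTalk). Consumes an
application-side audit log with one line per customer record read,
"YYYY-MM-DDTHH:MM:SS principal customer_id", and raises one alert per
principal the first time it reads more than `max_distinct` distinct
customer records inside a sliding time window. Format and threshold
are assumptions chosen for this illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line):
    """Split one audit line into (timestamp, principal, customer_id)."""
    ts, principal, cust_id = line.split()
    return datetime.strptime(ts, LOG_FORMAT), principal, cust_id


def detect_bulk_reads(lines, max_distinct=100, window=timedelta(minutes=10)):
    """Return [(principal, first_exceeded_at, distinct_count)] for every
    principal that reads more than `max_distinct` distinct customer records
    within `window`. Lines are expected in time order."""
    recent = defaultdict(deque)   # principal -> deque of (ts, cust_id) in window
    in_window = defaultdict(dict)  # principal -> {cust_id: occurrences in window}
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, principal, cust_id = parse_line(line)
        q = recent[principal]
        counts = in_window[principal]
        q.append((ts, cust_id))
        counts[cust_id] = counts.get(cust_id, 0) + 1
        # Drop events that have aged out of the window for this principal.
        while q and ts - q[0][0] > window:
            _, old_id = q.popleft()
            counts[old_id] -= 1
            if counts[old_id] == 0:
                del counts[old_id]
        # Distinct records, not raw reads: re-reading one account is normal.
        if len(counts) > max_distinct and principal not in alerted:
            alerted.add(principal)
            alerts.append((principal, ts, len(counts)))
    return alerts


def build_sample_log():
    """Constructed audit log: a support agent looking up 20 accounts over a
    morning, and a service account (hypothetical name) reading 500 distinct
    records in about two minutes, as a database dump would."""
    base = datetime(2015, 10, 21, 9, 0, 0)
    lines = []
    for i in range(20):
        ts = base + timedelta(minutes=3 * i)
        lines.append(f"{ts.strftime(LOG_FORMAT)} support_agent_17 cust-{10000 + i}")
    for i in range(500):
        ts = base + timedelta(hours=1, milliseconds=240 * i)
        lines.append(f"{ts.strftime(LOG_FORMAT)} batch_export_svc cust-{20000 + i}")
    lines.sort()  # fixed-width timestamps sort correctly as text
    return lines


if __name__ == "__main__":
    for principal, when, count in detect_bulk_reads(build_sample_log()):
        print(f"ALERT {when.isoformat()} {principal} read {count} distinct "
              f"customer records inside the window")
```

The detector counts distinct customer identifiers rather than raw queries, so an agent repeatedly refreshing one account does not trip it, while a service account sweeping sequential IDs does. The threshold belongs in configuration and should be set from observed baselines per role; the point is that the control sits next to the data and fires regardless of how the attacker got in.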