The prospect of a mass exodus of TalkTalk customers worried about the safety of their data left the company exposed to fears compensation claims could top £20m.
But TalkTalk’s falling shares rebounded more than 15 per cent after chief executive Dido Harding said only customers who had had money directly stolen from their accounts would be allowed to waive their termination fees.
Read more: So you might have been hacked - now what?
Breaking a contract early could cost customers hundreds of pounds. Investors may have applauded the move, but Which? executive director Richard Lloyd was unimpressed by TalkTalk’s decision:
This is the bare minimum from TalkTalk who should look at all the ways customers could lose out from having their data compromised.
TalkTalk must treat their customers fairly by letting those affected leave their contracts without penalty and consider offering appropriate compensation.
But there might be a way around the termination fees anyway.
“As a result, TalkTalk has failed to honour its contractual promises to its customers,” he said.
A 15-year-old from Northern Ireland has been arrested and released on bail for the hack which became known on Thursday last week. As many as four million customers are believed to have had their financial information accessed by the hack.
A TalkTalk spokesperson said bank account numbers might have been accessed, but that criminals couldn't use them to take money from accounts without more information:
We can confirm that in the unlikely event money is stolen from a customer’s bank account as a direct result of the cyber attack, rather than as a result of any other information given out by a customer, then as a gesture of goodwill — on a case by case basis — we will waive termination fees.
This was a criminal act and we are acting in line with our terms and conditions.