A good example of clear and timely information with no obfuscation around how our passwords and bank/cc details are kept. The how and why will no doubt come to light after the forensic investigation takes place. If anyone out there is in a ITSO type role it may be worth passing this about the office to show communication with customers done correctly, as opposed to how Talk-Talk did it.
Regarding SSL, the organisation Let's Encrypt has just gone into public beta, so might be worth a look for folks out there looking to implement TLS/SSL without the cost.
