UK arrests teenager in connection with TalkTalk hack

TalkTalk continues to deal with the fallout from its third data breach this year

U.K. police arrested a 15-year-old boy in Northern Ireland on Monday in connection with the data breach at TalkTalk, as the broadband and phone provider faces growing criticism over its handling of the incident.

The teenager, detained in Country Antrim, could face charges under the Computer Misuse Act, the Metropolitan Police said.

TalkTalk's website was breached on Oct. 21, resulting in the loss of customer names, addresses, birth dates, email addresses, phone numbers, account information, payment card and bank account details.

CEO Dido Harding said she was personally contacted by someone claiming to be the hacker who demanded money, according to The Guardian.

Harding has come under harsh criticism for allegedly not shoring up the company's security. The latest data breach is the third one suffered by TalkTalk this year.

In February, the company said scammers had approached some customers, quoting their TalkTalk account numbers and phone numbers. The data had likely been illegally accessed, according to a statement. In August, TalkTalk's mobile sales site was hit, the BBC reported.

But the latest data breach could be the worst. Some of the data obtained was not encrypted, TalkTalk said in a FAQ. The payment card details, however, may be harder for criminals to monetize since some numbers were obscured.

In a video posted Monday, Harding contended that cybercriminals would not be able to use information such as bank sort codes and account numbers that were exposed for fraud.

"Without more information, criminals can't use these to take money from your bank account," she said.

Harding's assessment is accurate. But cybercriminals often assemble that kind of information into broader dossiers on people for identity theft-related schemes.

The company's website has remained down since the attack.

TalkTalk maintains it has not violated the U.K.'s Data Protection Act, which is a set of principles dictating how companies are allowed to use data. The act mandates that organizations are required to protect data to prevent disclosure but does not make specific prescriptions of what technology to use.

Encryption is generally recommended for sensitive data such as customer information. Even if data is obtained by hackers, it would be difficult or impossible to read without the decryption key, which should be closely guarded.

The Information Commissioner's Office, the U.K.'s data protection watchdog, said it was aware of the latest incident and is working with the police.

Shortly after TalkTalk's breach, a message was posted on Pastebin purporting to be from the hackers. A sample of data was posted, although the post has now been removed by Pastebin.

Harding made another error during a BBC interview in which she said TalkTalk was notifying its customers by email. She was asked how customers would be able to tell if that email indeed came from TalkTalk.

"If you are nervous and suspicious, have a look at the header of the email and you will see the email address that it has come from," Harding said.

The sender address on an email can be easily faked. Such a deception might be obvious to more astute technologists but would likely fool most people.

Cybercriminals are known to use stolen email databases for phishing or other illegal activity, crafting believable messages that can trick people into downloading malware or revealing more personal information.

But it's also possible other scammers who don't have access to the email list could send out random scam emails in hopes some are actually TalkTalk customers.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?