Menu
UK arrests teenager in connection with TalkTalk hack

UK arrests teenager in connection with TalkTalk hack

TalkTalk continues to deal with the fallout from its third data breach this year

U.K. police arrested a 15-year-old boy in Northern Ireland on Monday in connection with the data breach at TalkTalk, as the broadband and phone provider faces growing criticism over its handling of the incident.

The teenager, detained in Country Antrim, could face charges under the Computer Misuse Act, the Metropolitan Police said.

TalkTalk's website was breached on Oct. 21, resulting in the loss of customer names, addresses, birth dates, email addresses, phone numbers, account information, payment card and bank account details.

CEO Dido Harding said she was personally contacted by someone claiming to be the hacker who demanded money, according to The Guardian.

Harding has come under harsh criticism for allegedly not shoring up the company's security. The latest data breach is the third one suffered by TalkTalk this year.

In February, the company said scammers had approached some customers, quoting their TalkTalk account numbers and phone numbers. The data had likely been illegally accessed, according to a statement. In August, TalkTalk's mobile sales site was hit, the BBC reported.

But the latest data breach could be the worst. Some of the data obtained was not encrypted, TalkTalk said in a FAQ. The payment card details, however, may be harder for criminals to monetize since some numbers were obscured.

In a video posted Monday, Harding contended that cybercriminals would not be able to use information such as bank sort codes and account numbers that were exposed for fraud.

"Without more information, criminals can't use these to take money from your bank account," she said.

Harding's assessment is accurate. But cybercriminals often assemble that kind of information into broader dossiers on people for identity theft-related schemes.

The company's website has remained down since the attack.

TalkTalk maintains it has not violated the U.K.'s Data Protection Act, which is a set of principles dictating how companies are allowed to use data. The act mandates that organizations are required to protect data to prevent disclosure but does not make specific prescriptions of what technology to use.

Encryption is generally recommended for sensitive data such as customer information. Even if data is obtained by hackers, it would be difficult or impossible to read without the decryption key, which should be closely guarded.

The Information Commissioner's Office, the U.K.'s data protection watchdog, said it was aware of the latest incident and is working with the police.

Shortly after TalkTalk's breach, a message was posted on Pastebin purporting to be from the hackers. A sample of data was posted, although the post has now been removed by Pastebin.

Harding made another error during a BBC interview in which she said TalkTalk was notifying its customers by email. She was asked how customers would be able to tell if that email indeed came from TalkTalk.

"If you are nervous and suspicious, have a look at the header of the email and you will see the email address that it has come from," Harding said.

The sender address on an email can be easily faked. Such a deception might be obvious to more astute technologists but would likely fool most people.

Cybercriminals are known to use stolen email databases for phishing or other illegal activity, crafting believable messages that can trick people into downloading malware or revealing more personal information.

But it's also possible other scammers who don't have access to the email list could send out random scam emails in hopes some are actually TalkTalk customers.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments