Teen Arrested in Connection With TalkTalk Breach

A 15-year-old boy from Northern Ireland was arrested on Monday in connection with the recent cyberattack on British phone and broadband services provider TalkTalk.

According to Scotland Yard, the teen was arrested on suspicion of committing offences under the Computer Misuse Act as part of the investigation into the alleged theft of data from TalkTalk’s website.

Officers from the Police Service of Northern Ireland, working with detectives from the Metropolitan Police’s Cyber Crime Unit, arrested the boy at an address in County Antrim and searched the location. The suspect, whose name has not been made public, was interviewed at the County Antrim police station where he had been taken into custody.

“TalkTalk can confirm that we have been informed by the Metropolitan Police of the arrest of a suspect in connection with the cyber attack on our website on 21st October 2015. We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the Police. We will continue to assist in the ongoing investigation,” TalkTalk stated after news of the arrest broke.

In the meantime, more information has emerged regarding the breach and its impact. In a notice posted on its TalkTalk Business website, the telecoms firm revealed that the hacker attack also affects current and previous small business customers who conducted online transactions. The company says other business customers are not impacted.

In an updated statement published over the weekend, TalkTalk attempted to downplay the breach, saying that only the firm’s website was hit and not its core systems. Furthermore, the website does not store complete payment card details and the company expects the amount of exposed financial data to be lower than initially believed.

TalkTalk CEO Dido Harding said on Monday that while the attackers might have accessed complete bank account numbers and sort codes, this information alone is not enough to steal money from victims’ accounts.

The information possibly accessed by the attackers — names, addresses, dates of birth, email addresses, phone numbers, TalkTalk account details, partial payment card data, and bank details — can be leveraged by malicious actors in social engineering attacks whose goal is to obtain sensitive information. That is why TalkTalk has informed customers that the company will never call or email them to request information or ask them to install software on their computers.

It’s believed that the attackers leveraged a SQL injection vulnerability to gain access to TalkTalk customer information. Experts say the cybercriminals likely used a distributed denial-of-service (DDoS) attack against the company’s website as a smokescreen that allowed them to hide their other malicious activities.

Someone also attempted to blackmail TalkTalk following the incident, reportedly demanding roughly $122,000 in Bitcoin to prevent the stolen data from being leaked.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.