Back in 2015, telecommunications firm TalkTalk was hit with a major data breach, costing the company tens of millions of pounds. Two “individuals of extraordinary talent” have been found partially responsible for the hack, each receiving jail sentences.
Although exposure of the vulnerability was admittedly the fault of an unrelated 17-year-old, two friends from Tamworth, Staffordshire have both admitted their part in utilising the weakness to steal data from TalkTalk. 23-year-old Matthew Hanley, described as a “determined and dedicated hacker,” received 12 months in prison for passing sensitive details of 8,000 customers for use in fraud to 21-year-old Connor Allsopp, who received just 8 months for his part.
“The crown cannot say precisely what was within the file that Hanley provided to Allsopp,” explains prosecutor Peter Ratliff. “However, on the basis of Hanley’s previous discussions with others, it would appear to have been the bank and other details of in excess of 8,000 TalkTalk customers. Because it was that material he repeatedly boasted of having.”
Judge Anuja Dhir QC handed out the sentences, stating that both were “involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk. The prosecution accept that neither of you exposed the vulnerability in their systems, others started it, but you at different times joined in.
“Your actions, the actions of others, resulted in the then-CEO of TalkTalk being subjected to repeated attempts to blackmail her for money. You were not personally involved in making those attempts but your actions helped facilitate it,” Judge Dhir concluded.
Overall, the hack included the names of customers, as well as their dates of birth, addresses and bank details. This resulted in an estimated loss of £77 million for TalkTalk, according to Ratliff, £400,000 of which was fined by the Information Commissioner’s Office (ICO) for poor security practices.
KitGuru Says: £77m is a big jump from the estimated £35m back in 2015, however it’s not clear how much monetary damage the two boys are responsible for. Do you think 12 months and 8 months jail time are good punishments for committing an offense under the Computer Misuse Act?