Data breach cost the telecom company £77M in losses
Cybersecurity and digital forensics specialists from the International Institute of Cyber Security reported that two hackers have been sent to prison for their involvement in the 2015 attack on TalkTalk, one of the largest telecommunications companies in the United Kingdom. In that incident they stole personal information, banking and credit card details belonging to more than 156k customers.
Matthew Hanley, 23 years old, and Connor Allsopp, 21 years old, both from Tamworth in Staffordshire, were sentenced last Monday to 12 months and 8 months in prison, respectively, after admitting charges related to the massive security breach that cost TalkTalk £77M in losses.
According to cybersecurity and digital forensics specialists, the total cost also included a fine of £400k imposed on TalkTalk by the Information Commissioner's Office (ICO) for failing to implement basic security measures to avoid incidents like this.
During the trial, Judge Anuja Dhir described Hanley as a “dedicated hacker” and sentenced him to 12 months in prison, while Allsopp was sentenced to 8 months in prison for his minor involvement in the security breach. The judge mentioned that it was a tragedy to find guilty “two young people with extraordinary talent”.
“Given the magnitude of the attack, the number of people whose confidential information was compromised, I’m sure their actions affected thousands of TalkTalk customers,” the judge said.
Hanley broke into the company’s website between October 16 and 21, 2015 and stole personal and bank data of over 156k customers. He then passed the stolen information to his colleague Allsopp, who later sold the data to another online user for malicious use.
Stolen information included customers’ full names, addresses, dates of birth, phone numbers, email addresses and information from their TalkTalk accounts, and in nearly 16k cases, the attackers also accessed financial information.
Another hacker, Daniel Kelley, 21 years old, was arrested, accused and convicted in 2016 for obtaining the stolen data from TalkTalk’s clients and blackmailing the company’s then CEO, Dido Harding, demanding 465 Bitcoin.
“His actions, in addition to the actions of others, resulted in the then CEO of TalkTalk being subjected to repeated attempts at blackmail,” Judge Dhir told Hanley and Allsopp.
In the weeks following the attack on TalkTalk, several teenagers, including a 15-year-old boy from Northern Ireland, a 16-year-old boy from west London and a 16-year-old from London, were arrested for alleged involvement in the hacking campaign and the extortion of the telecommunications company, specialists in digital forensics reported.