#TalkTalk: 15-year-old Arrested in Northern Ireland

A 15-year-old boy has been arrested by police in Northern Ireland as officers look to find out who was responsible for a major cyber attack on TalkTalk last week.

In a brief statement on Monday, the Metropolitan Police revealed that officers from the Police Service of Northern Ireland (PSNI), working with the Met’s Police Cyber Crime Unit (MPCCU), raided a home in County Antrim.

At that time the 15-year-old was arrested on suspicion of offences under the Computer Misuse Act.

The search is ongoing and the boy was taken to County Antrim police station for interview.

The news comes after a weekend in which TalkTalk CEO, Dido Harding, spent her time telling the British media that the breach had actually been far less damaging than at first thought.

In fact, the ISP claimed in a statement that the range of customer data stolen was “materially lower” than widely believed—including names, addresses, birth dates, emails, telephone numbers, account info, and financial information.

But crucially, any card numbers stolen were incomplete, and bank account numbers and sort codes—if stolen—would not allow an attacker to access an individual’s account.

It’s still unclear how many of TalkTalk’s four million customers were affected by the data breach. However, it does appear as if small business customers were among those whose details may have been accessed.

A note on the TalkTalk business page on Saturday claimed that all those small business customers who were affected by the breach had now been contacted by the firm.

As per its offer to regular home broadband users, TalkTalk is offering small businesses 12 months’ free credit monitoring with Noddle.

It has been claimed that whoever was responsible for the cyber incident first launched a DDoS attack on the ISP’s website, as a cover for the data theft itself. An SQL injection attack has been pegged as the possible vector for at least part of the cyber raid.

TalkTalk also admitted that one individual has contacted the firm seeking ransom for the data—although it’s not clear yet whether that is the same person that was arrested in Northern Ireland yesterday.

Despite Harding’s attempts to play down the seriousness of the incident, once cyber-criminals have access to an individual’s personal details it could open the floodgates to a wide range of information theft and fraud.

What’s Hot on Infosecurity Magazine?