A fifth person has been arrested in connection with the cyber attack and subsequent data breach at TalkTalk which compromised the personal and financial details of over 150,000 customers.
Officers from the Cyber Crime Unit (MPCCU) at London’s Metropolitan Police Service aided by the Southern Wales Regional Organised Crime Unit searched a house in Llanelli on Tuesday and arrested the teenaged ‘boy’, according to a Met statement.
The 18-year-old was cuffed on suspicion of blackmail and taken into custody.
The arrest bears out TalkTalk CEO Dido Harding’s version of events, when she told the BBC in an interview soon after the attack that someone had contacted her by email to demand a ransom for the stolen data.
So far UK police have arrested five people in connection with the October breach which affected 157,000 customers—most of them teenagers.
These include a 15-year-old County Antrim boy, a 16-year-old boy from Feltham, Hounslow, a 20-year-old Staffordshire man, and a 16-year-old Norwich boy. All have been bailed until March 2016 pending further enquiries.
Tom Williams, lead investigative consultant for Context Information Security, told Infosecurity that the most likely chain of events in the attack is that some kids loosely affiliated with a hacktivist group did the initial recon to see if they could find any security holes in the TalkTalk site.
He believes that they then probably passed that information on to a third party who tried to monetize it in an SQL injection attack, possibly using a DDoS as a smokescreen.
“That kind of attack should be preventable for an organization of TalkTalk’s stature,” he added, with the caveat that details are still emerging about the incident.
The personal details of 156,959 customers were stolen, including name, address, date of birth, telephone number and email address, TalkTalk claimed in an update.
There are already reports of these customers being targeted by phishing emails and ‘vishing’ calls designed to elicit more information.
In addition, 15,656 bank account numbers and sort codes were accessed.
Photo © bikeriderlondon