Two men have been convicted at the Old Bailey after pleading guilty to hacking and fraud offences related to the 2015 breach of TalkTalk.
Matthew Hanley, 22, of Devonshire Drive, Tamworth, pleaded guilty to three offences under the Computer Misuse Act, including the hacking of the TalkTalk website, obtaining files that would enable the hacking of websites and supplying files to enable the hacking of websites to others. He also pleaded guilty to supplying an article for use in fraud – a spreadsheet filled with TalkTalk customer details.
Conner Douglas Allsopp, 20, of Ludgate, Tamworth pleaded guilty to supplying an article for use in fraud and supplying an article intended for in the commission of an offence under the Computer Misuse Act; a computer file to enable hacking.
Although Hanley encrypted his hard drives and studiously deleted incriminating evidence, his social media accounts betrayed him, revealing conversations in which he spoke of his involvement in the hack and his getting rid of key digital evidence.
Hanley is said to have done the main hacking and stealing of customer details, while Allsopp was tasked with selling them online.
The two will be sentenced on Wednesday but the investigation continues, according to the Metropolitan Police.
The 2015 breach affected just 160,000 customers, although TalkTalk has admitted it cost the firm in the region of £60m in clean-up costs, customer attrition and a £400,000 fine from the ICO.
However, the firm got off lightly, according to new analysis from NCC Group.
The security consultancy claimed that the ISP would have been hit with a staggering £59m fine if the GDPR had been in force.
In total, ICO fines from 2016 would have risen 79 times to roughly £69m if the European privacy law had been enacted, it claimed.
The GDPR will finally come into force on 25 May 2018, when the maximum fine will be 4% of global annual turnover or €20m, whichever is bigger.