Boy aged 15 arrested over TalkTalk cyber attack
POLICE investigating the TalkTalk cyber attack which potentially compromised the data of more than four million customers last night arrested a 15-year-old British schoolboy.
Detectives executed a search warrant at the teenager’s home, which was being searched by specialist officers. The boy, from County Antrim, Northern Ireland, was taken into custody and was awaiting questioning by cyber crime investigators.
The arrest of a child in connection with one of the country’s most damaging hacking incidents will raise further serious questions about the security measures put in place by TalkTalk.
Last week some experts gave credence to a theory that the attack was the work of highly-skilled Islamist jihadists in Russia, following anonymous internet postings claiming responsibility. If that theory proves unfounded and the attack on TalkTalk was more amateur in nature, the company is likely to face tough questions from customers over how it protects their data.
The arrest, which took place four days after the company admitted it had suffered a “sustained and significant” cyber attack, was the first to be made in the inquiry led by Scotland Yard’s Cyber Crimes Unit.
The hacking of TalkTalk’s systems,
which the company said could affect up to four million customers, began on Wednesday and the authorities were notified the following day.
The boy, who cannot be named for legal reasons, was arrested on suspicion of offences under the Computer Misuse Act, a police spokesman said.
The legislation carries a maximum penalty of 10 years’ imprisonment and an unlimited fine.
A Metropolitan Police spokesman said: “On Monday 26 October at approximately 4.20pm officers ... executed a search warrant at an address in County Antrim, Northern Ireland.
“At the address, a 15-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has been taken into custody at a County Antrim police station where he will later be interviewed. A search of the address is ongoing and inquiries continue.”
A TalkTalk spokesman said: “We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police. We will continue to assist with the ongoing investigation.”
The Daily Telegraph can also disclose that millions of people who cancelled their TalkTalk contracts years ago may have fallen victim to the cyber attack.
When former customers are included, the total number could be far higher than the initial four million estimate, because between 16 and 25 per cent of customers switch provider within the broadband industry each year.
A spokesman for TalkTalk, which has been operating since 2006, said: “There is a risk and a chance that some previous TalkTalk customers’ details were stored on the website. At the moment we can’t rule it out.
“It’s easy for us to pull our existing customers’ details and email them but it’s not so easy for us to do that for former customers. If we establish that former customers have been impacted by this we will be in touch with them directly. If anyone has concerns they should contact us.”
Baroness Harding, the TalkTalk chief executive whose pay package was more than £6.8 million last year, has said the company could face a compensation bill running into millions for customers whose bank accounts were raided.