Matthew Hanley and Connor Allsopp, two young British hackers who were charged with carrying out a cyber attack on TalkTalk and stealing the personal data of as many as 157,000 TalkTalk subscribers, have been jailed for twelve months and eight months respectively after being found guilty of the crime.
The two hackers played a small part in as many as 14,000 hacking attempts on TalkTalk’s website in 2015. It all started when a 17-year-old computer geek discovered a potential flaw in the firm’s online security and posted it on hacker forums. Eager hackers pounced on the opportunity. According to the BBC, the teenage geek told magistrates that he was “just showing off” to his mates.
Cyber-attack caused significant losses to TalkTalk
The cyber-attack on TalkTalk’s servers affected up to 157,000 subscribers and resulted in the loss of more than 15,000 bank account numbers. The data breach cost TalkTalk between £40 million and £45 million as well as a total of 101,000 customers in the third quarter of 2015. TalkTalk won over a majority of its subscribers later by offering an unconditional apology as well as through free offerings.
According to the BBC, while announcing the verdict, Judge Anuja Dhir QC noted that Hanley and Allsopp were “individuals of extraordinary talent” but that their actions had caused misery and distress to many thousands of TalkTalk’s customers.
Judge Dhir added that the duo were involved in a “significant, sophisticated systematic hack attack in a computer system used by TalkTalk” and even though the breach cost TalkTalk an estimated £77 million, “the loss does not end there”.
Even though the two hackers will now serve their prescribed jail terms, it is believed that up to ten hackers were involved in the large-scale cyber-attack on TalkTalk’s systems in 2015.
TalkTalk was fined by ICO following the massive breach
A year after the attacks took place, the Information Commissioner’s Office issued a record £400,000 fine to TalkTalk “for security failings that allowed a cyber attacker to access customer data ‘with ease’”.
The ICO noted that TalkTalk failed to properly identify a database containing customer records that featured inherent vulnerabilities, and that hackers infiltrated it using SQL injection, resulting in a massive breach of customer records.
“TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease. Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action,” said Elizabeth Denham, the Information Commissioner.