chalabala - Fotolia

Police arrest second teenager over TalkTalk hack

Metropolitan Police announce the arrest of a second teenager in connection with the attack on TalkTalk that exposed the details of four million customers

Police have arrested a second teenager in three days in connection with the distributed denial of service (DDoS) attack and suspected data theft from TalkTalk.

The Metropolitan Police Cyber Crime Unit (MPCCU) arrested the 16-year-old boy in Feltham, West London on suspicion of Computer Misuse Act offences.

The arrest comes three days after a 15-year-old boy was arrested in County Antrim, Northern Ireland.

Both suspects have been bailed after their homes were searched and police officers conducted interviews.

Officers also searched a residential address in Liverpool and enquiries are continuing, the Metropolitan Police said.

A police statement said this was a joint investigation involving the Police Service of Northern Ireland (PSNI) cyber crime centre, National Crime Agency (NCA) and detectives from the MPCCU.

In response to the first arrest, TalkTalk said in a statement the company was “grateful for the swift response and hard work of the police”.

The police investigation was launched when TalkTalk reported that its website had been hit by a “significant and sustained cyber attack”.

The phone and broadband provider, which has more than four million UK customers, said banking details and personal information could have been accessed.

It later emerged that TalkTalk’s website had been targeted by a DDoS and SQL-injection attack, raising fears that the DDoS attack was a smokescreen for data theft.

TalkTalk has engaged BAE Systems to investigate the cyber attack, and the company’s cyber specialists are reportedly analysing “vast quantities” of data to establish how the breach took place, and what information was stolen.

TalkTalk downplayed the impact of the breach, emphasising that only its website was attacked and not its core systems, which means only partial credit card numbers were exposed, making them theoretically useless to cyber criminals.

However, the company has come under criticism for not ensuring that all customer data was encrypted, with some customers reportedly planning to sue the company for compensation.

Members of parliament said an inquiry would be launched into the cyber attack that could have put customers’ details at risk.

Read more about data breaches


Read more on Hackers and cybercrime prevention