The Metropolitan Police Cyber Crime Unit (MPCCU) arrested a 16-year-old boy in Feltham, West London, on suspicion of Computer Misuse Act offences.
The arrest comes three days after a 15-year-old boy was arrested in County Antrim, Northern Ireland.
Both suspects have been bailed after their homes were searched and police officers conducted interviews.
Officers also searched a residential address in Liverpool and enquiries are continuing, the Metropolitan Police said.
A police statement said this was a joint investigation involving the Police Service of Northern Ireland (PSNI) cyber crime centre, National Crime Agency (NCA) and detectives from the MPCCU.
In response to the first arrest, TalkTalk said in a statement the company was “grateful for the swift response and hard work of the police”.
The police investigation was launched when TalkTalk reported that its website had been hit by a “significant and sustained cyber attack”.
The phone and broadband provider, which has more than four million UK customers, said banking details and personal information could have been accessed.
It later emerged that TalkTalk’s website had been targeted by a DDoS and SQL-injection attack, raising fears that the DDoS attack was a smokescreen for data theft.
TalkTalk has engaged BAE Systems to investigate the cyber attack, and the company’s cyber specialists are reportedly analysing “vast quantities” of data to establish how the breach took place, and what information was stolen.
TalkTalk downplayed the impact of the breach, emphasising that only its website was attacked and not its core systems, which means only partial credit card numbers were exposed, making them theoretically useless to cyber criminals.
However, the company has come under criticism for not ensuring that all customer data was encrypted, with some customers reportedly planning to sue the company for compensation.
Members of parliament said an inquiry would be launched into the cyber attack that could have put customers’ details at risk.