Dutourdumonde - Fotolia

Police make fifth arrest over TalkTalk hack

Metropolitan Police have arrested a fifth person, an 18-year-old boy, in connection with the cyber attack on TalkTalk that exposed more than a million customers details

Police have arrested a fifth person in connection with the distributed denial-of-service (DDoS) attack and suspected data theft from TalkTalk in October 2015.

Detectives from the Metropolitan Police Service’s Cyber Crime Unit (MPCCU) and officers from Southern Wales Regional Organised Crime Unit (Rocu) executed a search warrant at an address in Llanelli, Wales and arrested an 18-year-old boy on suspicion of blackmail.

Days after the cyber attack, a ransom demand was reportedly sent to TalkTalk by someone claiming to be responsible and seeking payment.

The Met police said the suspect was taken into custody by Dyfed-Powys Police and detectives continue to investigate.

The youngest suspect so far is a 15-year-old boy from County Antrim, who was the first to be arrested in connection with the TalkTalk investigation. He was taken into custody at a County Antrim police station and has since been bailed to return pending further enquiries.

Three days later, a 16-year-old boy was arrested at an address in Feltham on suspicion of Computer Misuse Act offences. He is currently on bail until a date in mid-March 2016 pending further enquires.

The eldest to be arrested so far is a 20-year-old man from Staffordshire, who is currently on bail until a date in early March 2016 pending further enquires.

The fourth person to be arrested was another 16-year-old boy from Norwich, who is currently on bail until a date in late March 2016 pending further enquiries. 

In the most recent update by TalkTalk, the firm said hackers had accessed the personal details of 156,959 customers, exposing 15,656 bank account numbers and sort codes and 28,000 obscured credit and debit card numbers.

According to the company, forensic analysis of the site confirms that only 4% of TalkTalk customers have any sensitive personal data at risk. The phone and broadband provider had originally feared that details of its more than four million UK customers had been exposed.

TalkTalk said the stolen credit or debit card details were incomplete and therefore could not be used for financial transactions. However, it advised customers to be on the lookout for fraud.

Read more about data breaches

Read more on Hackers and cybercrime prevention