Dutourdumonde - Fotolia
Detectives from the Metropolitan Police Service’s Cyber Crime Unit (MPCCU) and officers from Southern Wales Regional Organised Crime Unit (Rocu) executed a search warrant at an address in Llanelli, Wales and arrested an 18-year-old boy on suspicion of blackmail.
Days after the cyber attack, a ransom demand was reportedly sent to TalkTalk by someone claiming to be responsible and seeking payment.
The Met police said the suspect was taken into custody by Dyfed-Powys Police and detectives continue to investigate.
The youngest suspect so far is a 15-year-old boy from County Antrim, who was the first to be arrested in connection with the TalkTalk investigation. He was taken into custody at a County Antrim police station and has since been bailed to return pending further enquiries.
Three days later, a 16-year-old boy was arrested at an address in Feltham on suspicion of Computer Misuse Act offences. He is currently on bail until a date in mid-March 2016 pending further enquires.
The eldest to be arrested so far is a 20-year-old man from Staffordshire, who is currently on bail until a date in early March 2016 pending further enquires.
The fourth person to be arrested was another 16-year-old boy from Norwich, who is currently on bail until a date in late March 2016 pending further enquiries.
In the most recent update by TalkTalk, the firm said hackers had accessed the personal details of 156,959 customers, exposing 15,656 bank account numbers and sort codes and 28,000 obscured credit and debit card numbers.
According to the company, forensic analysis of the site confirms that only 4% of TalkTalk customers have any sensitive personal data at risk. The phone and broadband provider had originally feared that details of its more than four million UK customers had been exposed.
TalkTalk said the stolen credit or debit card details were incomplete and therefore could not be used for financial transactions. However, it advised customers to be on the lookout for fraud.
Read more about data breaches
- Hackers may have accessed the payment card details of up to 3,500 customers, warns finance publisher Dow Jones.
- The HIV clinic data breach comes after repeated warnings in recent years by the ICO about the risk of disclosing personal data through poor email practices.
- More than 70% of executives say their organisations do not fully understand the risks associated with data breaches.
- Most large enterprises already know much of what they need to put in place to protect themselves against data breaches – they just have not done it all.