British Police Arrest 15-Year-Old In Telecom Hack; Ransom Was Demanded In Bitcoin
British police arrested a 15-year-old boy in relation to a massive hack of British telecom TalkTalk Group, according to Silicon Angle. The boy allegedly broke the Computer Misuse Act, a law that covers unauthorized access to computer material with intent to commit a crime. The method used to breach the data was not confirmed, but sources believe the hacker used SQL injection, which causes a database to dump information, combined with a denial of service attack that prevented users from using the website.
Scotland Yard said the boy, who lives in County Antrim, Northern Ireland, has been taken into custody, and his residence has been searched. The Metropolitan Police Force cyber crime unit, the North Island cyber-crime center, and the National Crime Agency have taken part in the investigation.
TalkTalk Telecom Group announced last week that it suffered a data breach and that the hackers demanded a ransom in Bitcoin. Sources told Silicon Angle they believe data for around 4 million customers could be at risk, such as bank and credit card information.
TalkTalk Contacts Customers
The company announced it shut down the website and was working with police to determine what happened and what information was accessed. The company said it contacted every customer about the breach.
KrebsOnSecurity reported the hackers demanded £80,000 ($122,000 USD) in bitcoin and threatened to publish customer data if the ransom was not paid.
Different groups claimed responsibility for the hack.
Did TalkTalk Do Enough To Protect Customers?
Dido Harding, CEO of TalkTalk, told the International Business Times the company could have done more to prevent the theft of customer data. Harding said the data was not encrypted, and the company was not legally required to encrypt it. She said the company did everything it was legally required to do.
The Data Protection Act, according to the International Business Times, requires that appropriate measures be taken against unauthorized processing of personal data. The law does not mention encryption.
Experts interviewed by the International Business Times said TalkTalk could be liable for not encrypting customer data following data breaches in February and August of 2015. Former Metropolitan Police detective Aiden Culley said TalkTalk faces “huge liability.”
Images from Shutterstock and TalkTalk.