TalkTalk Hackers Jailed For Attack That Cost £77m

Uploaded on 2018-11-22 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Two friends have been jailed for a "sophisticated" TalkTalk cyber-attack that caused "misery and distress" to thousands of customers. Matthew Hanley, 23, and Connor Allsopp, 21, were on 18th November sentenced to a combined sentence of 20 months for their involvement in the massive October 2015 data breach.

The pair stole personal information, banking details and “sensitive” data from 156,959 customer accounts in a hacking exercise that spanned seven days, the Old Bailey heard.  

The total cost to TalkTalk of the breach is estimated to be £77 million, including a record £400,000 fine from the Information Commissioner’s Office for security failings that allowed the hack to happen. Judge Anuja Dhir QC sentenced Hanley for 12 months and Allsopp for eight months, saying that it was a tragedy to find "two individuals of such extraordinary talent" in the dock. She said: "You were both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk.

"The attack led to you and others gaining access to TalkTalk's clients' confidential information. The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there.

"Given the scale of the attack, the number of people whose confidential information was stolen and then passed on to others, I'm sure that your actions caused misery and distress to many thousands of the customers of TalkTalk.”

The court heard how analysis by BAE Systems after the attack suggested that there may have been up to 10 other attackers, some of whom used the confidential data to blackmail TalkTalk’s then-CEO Dido Harding. Ms Harding received demands for Bitcoins in return for the stolen data, which included customers' names, email addresses, mobile numbers, home addresses and dates of birth.

"Your actions, the actions of others, resulted in the then-CEO of TalkTalk being subjected to repeated attempts to blackmail her for money. You were not personally involved in making those attempts but your actions helped facilitate it,” Judge Dhir said.

The court heard how TalkTalk spotted "latency issues" on its website early on October 21 2015 and launched an investigation. TalkTalk reported the cyber-attacks to police and the National Crime Agency and the next day made public statements to alert customers. Hanley was described as a "determined and dedicated hacker".

Telegraph

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

 

« Stuxnet 2.0 - Iran Says Israel Has Launched New Cyber Attacks
GRU: Spies Without Borders »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Checkmarx

Checkmarx

Checkmarx provides state-of-the-art application security solutions with static code analysis software.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

Hexaware Technologies

Hexaware Technologies

Hexaware is an automation-led next-generation service provider delivering excellence in IT, BPO and Consulting services.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

Stripe OLT

Stripe OLT

At Stripe OLT, we provide complete business technology solutions - Our team has an unrivalled reputation as a Microsoft Gold Partner, specialising in secure, cloud-first technology.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.

IndoSec

IndoSec

IndoSec is an annual cybersecurity summit that powers an in-person gathering of cybersecurity leaders from Indonesia’s major corporations, leading businesses and key government entities.