TalkTalk Hackers Jailed For Attack That Cost £77m

Two friends have been jailed for a "sophisticated" TalkTalk cyber-attack that caused "misery and distress" to thousands of customers. Matthew Hanley, 23, and Connor Allsopp, 21, were on 18th November sentenced to a combined sentence of 20 months for their involvement in the massive October 2015 data breach.

The pair stole personal information, banking details and “sensitive” data from 156,959 customer accounts in a hacking exercise that spanned seven days, the Old Bailey heard.  

The total cost to TalkTalk of the breach is estimated to be £77 million, including a record £400,000 fine from the Information Commissioner’s Office for security failings that allowed the hack to happen. Judge Anuja Dhir QC sentenced Hanley for 12 months and Allsopp for eight months, saying that it was a tragedy to find "two individuals of such extraordinary talent" in the dock. She said: "You were both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk.

"The attack led to you and others gaining access to TalkTalk's clients' confidential information. The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there.

"Given the scale of the attack, the number of people whose confidential information was stolen and then passed on to others, I'm sure that your actions caused misery and distress to many thousands of the customers of TalkTalk.”

The court heard how analysis by BAE Systems after the attack suggested that there may have been up to 10 other attackers, some of whom used the confidential data to blackmail TalkTalk’s then-CEO Dido Harding. Ms Harding received demands for Bitcoins in return for the stolen data, which included customers' names, email addresses, mobile numbers, home addresses and dates of birth.

"Your actions, the actions of others, resulted in the then-CEO of TalkTalk being subjected to repeated attempts to blackmail her for money. You were not personally involved in making those attempts but your actions helped facilitate it,” Judge Dhir said.

The court heard how TalkTalk spotted "latency issues" on its website early on October 21 2015 and launched an investigation. TalkTalk reported the cyber-attacks to police and the National Crime Agency and the next day made public statements to alert customers. Hanley was described as a "determined and dedicated hacker".

Telegraph

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

 

« Stuxnet 2.0 - Iran Says Israel Has Launched New Cyber Attacks
GRU: Spies Without Borders »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

Japan Network Security Association (JNSA)

Japan Network Security Association (JNSA)

JNSA's goal is to promote standardization related to network security and to contribute to greater technological standards in the field.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Delta Risk

Delta Risk

Delta Risk is a global provider of managed security services and cyber security risk management solutions to government and private sector clients.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

Inceptus

Inceptus

Inceptus is a next generation Managed Security Service Provider (MSSP). We are dedicated to keeping our customers safe, secure and protected while doing business on the Internet.

Parameter Security

Parameter Security

Parameter Security is a provider of ethical hacking and information security services.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

Cyber Command - Romania

Cyber Command - Romania

Cyber Command represents the military authority responsible for the development, protection and resilience of military IT networks and services that support the Romanian Force Structure.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.