TalkTalk Hackers Jailed For Attack That Cost £77m

Uploaded on 2018-11-22 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Two friends have been jailed for a "sophisticated" TalkTalk cyber-attack that caused "misery and distress" to thousands of customers. Matthew Hanley, 23, and Connor Allsopp, 21, were on 18th November sentenced to a combined sentence of 20 months for their involvement in the massive October 2015 data breach.

The pair stole personal information, banking details and “sensitive” data from 156,959 customer accounts in a hacking exercise that spanned seven days, the Old Bailey heard.  

The total cost to TalkTalk of the breach is estimated to be £77 million, including a record £400,000 fine from the Information Commissioner’s Office for security failings that allowed the hack to happen. Judge Anuja Dhir QC sentenced Hanley for 12 months and Allsopp for eight months, saying that it was a tragedy to find "two individuals of such extraordinary talent" in the dock. She said: "You were both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk.

"The attack led to you and others gaining access to TalkTalk's clients' confidential information. The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there.

"Given the scale of the attack, the number of people whose confidential information was stolen and then passed on to others, I'm sure that your actions caused misery and distress to many thousands of the customers of TalkTalk.”

The court heard how analysis by BAE Systems after the attack suggested that there may have been up to 10 other attackers, some of whom used the confidential data to blackmail TalkTalk’s then-CEO Dido Harding. Ms Harding received demands for Bitcoins in return for the stolen data, which included customers' names, email addresses, mobile numbers, home addresses and dates of birth.

"Your actions, the actions of others, resulted in the then-CEO of TalkTalk being subjected to repeated attempts to blackmail her for money. You were not personally involved in making those attempts but your actions helped facilitate it,” Judge Dhir said.

The court heard how TalkTalk spotted "latency issues" on its website early on October 21 2015 and launched an investigation. TalkTalk reported the cyber-attacks to police and the National Crime Agency and the next day made public statements to alert customers. Hanley was described as a "determined and dedicated hacker".

Telegraph

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

 

« Stuxnet 2.0 - Iran Says Israel Has Launched New Cyber Attacks
GRU: Spies Without Borders »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

Nixu

Nixu

Nixu is the largest Nordic specialist company in information security consulting.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

Hypersecu Information Systems

Hypersecu Information Systems

Hypersecu Information Systems, Inc. is a solution provider dedicated to multi-factor authentication, public key infrastructure and software copyright protection.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

Salt Cybersecurity

Salt Cybersecurity

Salt Cybersecurity offer a four-pronged approach to information security that includes Custom Security Policy, Vulnerability Assessment, Threat Detection, and Security Awareness Training.

CyberPeace Foundation

CyberPeace Foundation

CPF is a think tank of cybersecurity and policy experts with the vision of pioneering Cyber Peace Initiatives to build collective resiliency against CyberCrimes and global threats of cyber warfare.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Vertek

Vertek

Vertek is a leading provider of operations consulting, end-to-end business process outsourcing, business intelligence, software applications and managed cybersecurity solutions.

Teal Technology Consulting

Teal Technology Consulting

TEAL Technology Consulting is your trusted advisor for all your information security needs.

BBS Technology

BBS Technology

BBS Technology is a company that develops and delivers next-generation cyber security technologies worldwide.