TalkTalk Hackers Jailed For Attack That Cost £77m

Uploaded on 2018-11-22 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Two friends have been jailed for a "sophisticated" TalkTalk cyber-attack that caused "misery and distress" to thousands of customers. Matthew Hanley, 23, and Connor Allsopp, 21, were on 18th November sentenced to a combined sentence of 20 months for their involvement in the massive October 2015 data breach.

The pair stole personal information, banking details and “sensitive” data from 156,959 customer accounts in a hacking exercise that spanned seven days, the Old Bailey heard.  

The total cost to TalkTalk of the breach is estimated to be £77 million, including a record £400,000 fine from the Information Commissioner’s Office for security failings that allowed the hack to happen. Judge Anuja Dhir QC sentenced Hanley for 12 months and Allsopp for eight months, saying that it was a tragedy to find "two individuals of such extraordinary talent" in the dock. She said: "You were both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk.

"The attack led to you and others gaining access to TalkTalk's clients' confidential information. The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there.

"Given the scale of the attack, the number of people whose confidential information was stolen and then passed on to others, I'm sure that your actions caused misery and distress to many thousands of the customers of TalkTalk.”

The court heard how analysis by BAE Systems after the attack suggested that there may have been up to 10 other attackers, some of whom used the confidential data to blackmail TalkTalk’s then-CEO Dido Harding. Ms Harding received demands for Bitcoins in return for the stolen data, which included customers' names, email addresses, mobile numbers, home addresses and dates of birth.

"Your actions, the actions of others, resulted in the then-CEO of TalkTalk being subjected to repeated attempts to blackmail her for money. You were not personally involved in making those attempts but your actions helped facilitate it,” Judge Dhir said.

The court heard how TalkTalk spotted "latency issues" on its website early on October 21 2015 and launched an investigation. TalkTalk reported the cyber-attacks to police and the National Crime Agency and the next day made public statements to alert customers. Hanley was described as a "determined and dedicated hacker".

Telegraph

You Might Also Read: 

The BA Hack And How Not To Respond To A Cyber Attack:

 

« Stuxnet 2.0 - Iran Says Israel Has Launched New Cyber Attacks
GRU: Spies Without Borders »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

Securepoint

Securepoint

Securepoint is the market leader in the development of professional “Unified Threat Management” solutions in Germany.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

ThreatAware

ThreatAware

Total visibility of your business cybersecurity. Monitoring, management and compliance for your cybersecurity tools, people and processes from one easy to use dashboard.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

Netpoleon Group

Netpoleon Group

Netpoleon is a leading provider of integrated security, networking solutions and value added services.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

Tenet3

Tenet3

Tenet3's vision is to make optimal cyber strategy development tractable, data driven, with concrete success metrics. The result is cost effective cyber resilience for our customers.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.

PureSoftware

PureSoftware

PureSoftware is a global software products and digital services company that is driving transformation for the world’s top organizations across various industry verticals.

Nicos AG

Nicos AG

Nicos AG specializes in secure, global data communication.