TalkTalk hack: 15-year-old boy arrested in Northern Ireland over cyber attack

News stunned security experts who had assumed that Isis terrorists or major country had been behind the breach

A boy of 15 has been arrested and questioned on suspicion of being the mastermind behind the TalkTalk data theft cyber attack.

A team from Scotland Yard’s Cyber Crime Unit joined Police Service of Northern Ireland officers as they raided the teenager’s home in County Antrim. The boy was arrested on suspicion of Computer Misuse Act offences and taken to a nearby police station.

News of the suspect’s age stunned security experts who had assumed that a group of Isis terrorists or a country such as Russia had been behind the massive breach. IT insiders said it would be a “gamechanger” if proven that a teenager operating from his bedroom could bring a global company to its knees.

The Met said the property was being searched and inquiries by CCU detectives, the PSNI’s Cyber Crime Centre and the National Crime Agency are continuing. 

A spokesman said on Monday night: “An arrest has been made in connection with the investigation into alleged data theft from the TalkTalk website. At approximately 4.20pm, officers from the Police Service of Northern Ireland (PSNI), working with detectives from the Metropolitan Police Cyber Crime Unit, executed a search warrant at an address in County Antrim, Northern Ireland.

“At the address, a 15-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has been taken into custody at a County Antrim police station where he will later be interviewed.”

The phone and broadband provider, which has four million customers, initially said last week that the “sustained” attack was a DDoS, a distributed denial of service attack where a website is bombarded with waves of traffic.

When experts pointed out a DDoS attack would not explain the loss of data TalkTalk later indicated it had been hit by an attack known as an SQL injection - a technique where hackers gain access to a database by entering instructions in a web form. 

IT security experts had already expressed surprise at how a company the size of TalkTalk was still vulnerable to the method, as it is a well-known type of attack and there are relatively simple ways of defending against it.

The company has been heavily criticised for its handling of the cyber attack – the third it has suffered in the last eight months, with incidents in August and February resulting in customers’ data being stolen. 

Following last week’s breach TalkTalk admitted that customers’ bank account and sort code details may have been accessed as some customers said money has gone missing from their accounts.

TalkTalk said there is currently no evidence that customers’ bank accounts have been affected but it does not know how much customer information was encrypted. The company said it would contact all current customers and that an unknown number of previous customers may also be at risk.

TalkTalk’s chief executive Dido Harding said last week the firm had received a ransom demand from someone claiming to be behind the cyber attack.

Jesse Norman, chair of the Culture, Media and Sport Select Committee, is leading an inquiry into the alleged data breach.

Cyber Security Minister Ed Vaizey had earlier told MPs that companies could face bigger fines for failing to protect customer data from such attacks. He said the Information Commissioner’s Office can already levy “significant fines” but told the Commons he was “open to suggestions” about how the situation could be “improved”.

TalkTalk is facing a maximum fine of £500,000 but the SNP’s John Nicolson said the prospect was “clearly not terrifying” for a company with an annual revenue of £1.8 billion a year.

Shares in the telecoms company fell more than 12 per cent on Monday extending its losses from last week when news of the attack first emerged.

A statement from Talk Talk said: “We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police. We will continue to assist with the ongoing investigation.

“In the meantime, we advise customers to visit [our website] for updates and information regarding this incident.”