The breach exposed the personal data of 160,000 people and cost the telecom company £77 million
Two young Brits have been jailed for their roles in the breach at the telecommunications company TalkTalk in 2015, The Guardian reports.
The Old Bailey criminal court in London sentenced Matthew Hanley, 23, and Connor Allsopp, 21, both from Staffordshire, to 12 and 8 months in jail, respectively.
As we wrote in April 2017, both youngsters admitted to their roles in the data breach that unfolded between 18-22 October 2015 and exposed the names, addresses, dates of birth, email addresses, and phone numbers of almost 160,000 people. Additionally, almost 16,000 of the victims also had their banking credentials stolen.
Hanley copped to several charges of violating the Computer Misuse Act, including those related to his obtaining files to enable the hack, compromising the website of the telecom giant, and passing on the stolen details to his associate.
Hanley sought to escape justice by encrypting some data and erasing the rest, as also corroborated by a statement from the Metropolitan Police. However, he wouldn’t resist boasting of his misdeeds to his peers on social media, which proved to be his undoing when police accessed the logs of the conversations.
Meanwhile, Allsopp ‘fessed up to sharing a spreadsheet containing the data with another user for fraud and to attempting to sell it off to cybercriminals.
In December 2016, a 17-year-old youth was sentenced to a 12-month rehabilitation order for identifying the vulnerabilities on the target websites that were exploited for the attack, which used a common technique known as SQL injection.
The breach cost the company £77 million, including a record-high fine from the United Kingdom’s data watchdog, The Information Commissioner’s Office (ICO). Information Commissioner Elizabeth Denham didn’t mince words when announcing the penalty: “TalkTalk’s failure to implement the most basic cybersecurity measures allowed hackers to penetrate TalkTalk’s systems with ease … TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action”.