Teenager behind TalkTalk cyber attack given rehabilitation order

Out-Law News | 14 Dec 2016 | 4:11 pm | 1 min. read

A teenager has been fined £85 and handed a 12-month youth rehabilitation order over his role in a cyber attack on UK internet service provider (ISP) TalkTalk which exposed data about its customers.

TalkTalk was the target of a "significant and sustained" cyber attack in October 2015. The personal data of approximately 157,000 customers was compromised in the attack. The Information Commissioner's Office (ICO) investigated the incident and issued TalkTalk with a record fine of £400,000 in October after finding a number of "inadequacies" with the company's data security practices.

In a case brought before Norwich Youth Court, a 17-year-old admitted to seven offences under the Computer Misuse Act. The youth "used software illegally to hack the website" of TalkTalk and then "posted information about the vulnerability on a website accessible to others", the Crown Prosecution Service said. He had also targeted the websites of Cambridge and Manchester universities, it said.

In sentencing the teenager, chairman of the bench Jean Bonnick urged him to use his IT skills legally in future, according to reports by the BBC and the Telegraph.

Laura Tams, specialist prosecutor from the CPS Organised Crime Division, said: "This case involved the deliberate exposure of a security issue on the TalkTalk website which is used by thousands of people every day. Through analysis of online chats and other digital footprints, prosecutors were able to demonstrate exactly how the defendant found this weakness and shared the details online."

A spokesperson for TalkTalk said: "The Metropolitan Police and the CPS have worked hard to find those responsible for the cyber attack, and we are pleased that their investigation has  led to a successful prosecution. We hope that this outcome will encourage other companies to inform their customers and the police quickly when they are attacked."