Out-Law News | 14 Dec 2016 | 4:11 pm | 1 min. read
TalkTalk was the target of a "significant and sustained" cyber attack in October 2015. The personal data of approximately 157,000 customers was compromised in the attack. The Information Commissioner's Office (ICO) investigated the incident and issued TalkTalk with a record fine of £400,000 in October after finding a number of "inadequacies" with the company's data security practices.
In a case brought before Norwich Youth Court, a 17-year-old admitted to seven offences under the Computer Misuse Act. The youth "used software illegally to hack the website" of TalkTalk and then "posted information about the vulnerability on a website accessible to others", the Crown Prosecution Service said. He had also targeted the websites of Cambridge and Manchester universities, it said.
Laura Tams, specialist prosecutor from the CPS Organised Crime Division, said: "This case involved the deliberate exposure of a security issue on the TalkTalk website which is used by thousands of people every day. Through analysis of online chats and other digital footprints, prosecutors were able to demonstrate exactly how the defendant found this weakness and shared the details online."
A spokesperson for TalkTalk said: "The Metropolitan Police and the CPS have worked hard to find those responsible for the cyber attack, and we are pleased that their investigation has led to a successful prosecution. We hope that this outcome will encourage other companies to inform their customers and the police quickly when they are attacked."