Another teenager arrested in connection with TalkTalk hack

The hack of telecoms firm TalkTalk dominated the headlines in the United Kingdom last week as the company struggled to respond to accusations that it had dropped the ball (it was the third data breach impacting TalkTalk customers in the last 12 months) and gave customers some poor advice.

I’m not sure if upset TalkTalk customers and rattled investors were relieved to hear that whoever most recently hacked the firm might not have been “Islamic cyber jihadis” after all, or concerned that such a well-known company could have been hacked by a 15-year-old teenager from Northern Ireland using a rudimentary SQL injection attack.

Regardless, the police have now followed up Monday’s raid in County Antrim with a second arrest related to the TalkTalk data breach, this time of a 16-year-old boy at an address in Feltham.

Here is part of what the Metropolitan Police’s press release says:

On Thursday, 29 October, detectives from the Metropolitan Police Cyber Crime Unit (MPCCU) executed a search warrant at an address in Feltham. At the address, a 16-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has now been bailed – we await confirmation of the bail date.

A search of the residential address in Feltham has been completed. Officers have also searched a residential address in Liverpool.

Of course, I have no way of knowing if these teenagers were involved in the hack, and we have to allow proper legal processes to take their course.

But, as I explain in the video I made at the time of the first arrest, any business which has not protected its website against SQL injection attacks probably needs to go back to the classroom itself.

TalkTalk hack. 15-year-old boy arrested | Graham Cluley

If you would like me to make more videos, please consider subscribing to my YouTube channel.

In light of these recent developments, maybe TalkTalk would be wise to hire some teenagers to check out its website security?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

2 comments on “Another teenager arrested in connection with TalkTalk hack”

  1. coyote

    'In light of these recent developments, maybe TalkTalk would be wise to hire some teenagers to check out its website security?'

    Unless of course they are script kiddies, in which case maybe not. But if these kids do know it, maybe they should indeed be asked. One hopes being in trouble with the law will turn them towards more legal methods. Whether TalkTalk would be their first employer is another matter entirely, I guess. I suppose we'll have to wait until TalkTalk speaks about the matter – if they do (which I suspect they won't).

    1. Graham Cluley · in reply to coyote

      I was joshing obviously, but even teenage script kiddies know what a SQL injection attack is, and how important it is for website owners to protect against them.
