Another teenager arrested in connection with TalkTalk hack

Graham Cluley
@gcluley

The hack of telecoms firm TalkTalk dominated the headlines in the United Kingdom last week as the company struggled to respond to accusations that it had dropped the ball (it was the third data breach impacting TalkTalk customers in the last 12 months) and gave customers some poor advice.

I’m not sure if upset TalkTalk customers and rattled investors were relieved to hear that whoever most recently hacked the firm might not have been “Islamic cyber jihadis” after all, or concerned that such a well-known company could have been hacked by a 15-year-old teenager from Northern Ireland using a rudimentary SQL injection attack.

Regardless, the police have now followed up Monday’s raid in County Antrim with a second arrest related to the TalkTalk data breach, this time of a 16-year-old boy at an address in Feltham.

Here is part of what the Metropolitan Police’s press release says:

Sign up to our newsletter
Security news, advice, and tips.

On Thursday, 29 October, detectives from the Metropolitan Police Cyber Crime Unit (MPCCU) executed a search warrant at an address in Feltham. At the address, a 16-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has now been bailed – we await confirmation of the bail date.

A search of the residential address in Feltham has been completed. Officers have also searched a residential address in Liverpool.

Of course, I have no way of knowing if these teenagers were involved in the hack, and we have to allow proper legal processes to take their course.

But, as I explain in the video I made at the time of the first arrest, any business which has not protected its website against SQL injection attacks probably needs to go back to the classroom itself.

If you would like me to make more videos, please consider subscribing to my YouTube channel.

In light of these recent developments, maybe TalkTalk would be wise to hire some teenagers to check out its website security?

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 comments on “Another teenager arrested in connection with TalkTalk hack”

  1. 'In light of these recent developments, maybe TalkTalk would be wise to hire some teenagers to check out its website security?'

    Unless of course they are script kiddies, in which case maybe not. But if these kids do know it, maybe they should indeed be asked. One hopes being in trouble with the law will turn them towards more legal methods. Whether TalkTalk would be their first employer is another matter entirely, I guess. I suppose we'll have to wait until TalkTalk speaks about the matter – if they do (which I suspect they won't).

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.