The
breach exposed the personal data of 160,000 people and cost the telecom company
£77 million
Two young Brits have been jailed for their
roles in the breach at the telecommunications company TalkTalk in 2015, The Guardian reports.
The Old Bailey criminal court in London
sentenced Matthew Hanley, 23, and Connor Allsopp, 21, both from Staffordshire,
to 12 and 8 months in jail, respectively.
As we wrote in April 2017, both youngsters admitted to their
roles in the data breach that unfolded between 18-22 October 2015 and exposed
the names, addresses, dates of birth, email addresses, and phone numbers of
almost 160,000 people. Additionally, almost 16,000 of the victims also had
their banking credentials stolen.
Hanley copped to several charges of violating
the Computer Misuse Act, including those related to his obtaining files to
enable the hack, compromising the website of the telecom giant, and passing on
the stolen details to his associate.
Hanley sought to escape justice by encrypting
some data and erasing the rest, as also corroborated by a statement from the Metropolitan Police. However, he
wouldn’t resist boasting of his misdeeds to his peers on social media, which
proved to be his undoing when police accessed the logs of the conversations.
Meanwhile, Allsopp fessed up to sharing a
spreadsheet containing the data with another user for fraud and to attempting
to sell it off to cybercriminals.
In December 2016, a 17-year-old youth was sentenced to a 12-month rehabilitation order for
identifying the vulnerabilities on the target websites that were exploited for
the attack, which used a common technique known as SQL injection.
The breach cost the company £77 million,
including a record-high fine from the United Kingdom’s data watchdog,
The Information Commissioner’s Office (ICO). Information Commissioner Elizabeth
Denham didn’t mince words when announcing the penalty: “TalkTalk’s failure to
implement the most basic cybersecurity measures allowed hackers to penetrate
TalkTalk’s systems with ease … TalkTalk should and could have done more to
safeguard its customer information. It did not and we have taken action”.