Just days after one of the U.K.’s leading mobile and broadband providers revealed it’d been the victim of what it described as a “significant and sustained” hack on its computer systems, London’s Metropolitan Police said Monday it’d made an arrest in connection with the incident.
TalkTalk, which said the hack may have affected all four million of its customers, announced in a release it was aware of the arrest and was continuing to help with the investigation.
The suspect, a 15-year-old boy, was apprehended at an address in Northern Ireland on Monday afternoon, the Metropolitan Police’s Cyber Crime Unit said on its website. A search of the premises by officers is ongoing and the youth is expected to be interviewed on Tuesday.
TalkTalk revealed on October 22 that its systems had been hacked, with CEO Dido Harding telling the BBC it was “conceivable that all four million customers’ data has been stolen,” including names, addresses, dates of birth, bank and credit card details, phone numbers, and email addresses. Following the attack, Harding revealed that an individual purporting to be the hacker had contacted her demanding money, presumably to stop the data being sold on or used to scam customers.
An update provided by TalkTalk on Monday said that initial investigations indicate that as far as financial information is concerned, credit and debit card numbers were protected. However, it added that bank account numbers and codes “may have been accessed.”
The company also said that initial investigations suggest the amount of information stolen was less than first thought, adding that it would be impossible for the hacker or hackers to break into a bank account. The main fear is that scammers in possession of details such as phone numbers and TalkTalk account numbers could trick customers into making payments into the criminals’ accounts.
Indeed, this is exactly what happened following another TalkTalk breach almost a year ago when customers received calls from scammers posing as genuine TalkTalk representatives. Some of the customers who fell for the ruse ended up revealing their bank details or paying for unnecessary software and services.
This latest data breach has been deemed so serious that U.K. lawmakers have summoned TalkTalk executives to Parliament to explain themselves.