Duo jailed for part in £77m TalkTalk hack

Both admitted charges relating to massive data breach of customers’ details

The Old Bailey court in London.
The Old Bailey court in London.

Two friends have been jailed in the UK for their roles in a £77 million (€86.4 million) hack on the TalkTalk website.

Matthew Hanley, 23, and Connor Allsopp, 21, both from Tamworth in Staffordshire, admitted charges relating to the massive data breach of customers’ details in 2015.

At the Old Bailey on Monday, Judge Anuja Dhir QC jailed Hanley for 12 months and Allsopp for eight months.

She said it was a tragedy to find “two individuals if such extraordinary talent” in the dock.

READ SOME MORE

She told the pair: “You were both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk.

“The prosecution accept that neither of you exposed the vulnerability in their systems, others started it, but you at different times joined in.

“The attack led to you and others gaining access to TalkTalk’s clients’ confidential information. The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there.

“Given the scale of the attack, the number of people whose confidential information was stolen and then passed on to others, I’m sure that your actions caused misery and distress to many thousands of the customers of TalkTalk.

“Your actions, the actions of others, resulted in the then-CEO of TalkTalk being subjected to repeated attempts to blackmail her for money. You were not personally involved in making those attempts but your actions helped facilitate it.”

The court heard how TalkTalk spotted “latency issues” on its website early on October 21st, 2015 and launched an investigation.

Later that day, then-chief executive Dido Harding was subjected to repeated attempt to blackmail her, with demands for Bitcoins in exchange for stolen data.

TalkTalk reported the cyber attacks to police and the National Crime Agency and the next day made public statements to alert customers.

Investigations revealed more than 1.6 million accounts containing sensitive data were affected.

An analysis by BAE Systems suggested there may have been up to 10 attackers.

Hanley, was described as a “determined and dedicated hacker”.

He admitted hacking TalkTalk and sharing banking and other details of more than 8,000 customers to Allsopp and an online user.

The fourth charge, under the Computer Misuse Act, related to obtaining a number of computer files including names and passwords for server systems belonging to Nasa, handed to Hanley by a Skype contact as a “little present”.

Allsopp admitted supplying a file of TalkTalk customers’ details to an online user for fraud, as well as files for hacking.

- PA