14 DAY TRIAL // Two men involved in the 2015 data breach of TalkTalk have pleaded guilty and will receive a sentence at the end of next month.
Matthew Hanley, a 22-year-old from Staffordshire, admitted to three offenses, including the hack itself and obtaining and supplying files that would enable the hacking of websites to others. He also said he supplied a spreadsheet containing TalkTalk customer details to others.
The second man is Conner Douglas Allsop from the same town as Hanley, who pleaded guilty to assisting fraud and sharing a file that could help others in similar operations.
Hanley was arrested back in October 2015. Despite the fact that his computer was seized, there wasn't much information there to help authorities. Police then turned to his social media accounts where they discovered conversations about his involvement in the hack, including steps on how to delete any incriminating data.
In those same conversations they found on social media, they discovered Allsopp, whom Hanley asked to sell the data of the TalkTalk customers to make a profit.
Allsop was arrested a year ago. He admitted to the conversations but said he didn't manage to sell the data.
Other arrests have been made
Back in December, another hacker was sentenced to prison in the TalkTalk case - 17-year-old Daniel Kelley, who was believed to be the “mastermind” behind the operation. He will serve 12 months in a youth rehabilitation center due to his age. He was charged with fraud, blackmail and money laundering.
Police have arrested six individuals in relation to the TalkTalk hack, which means another three have to receive their sentences in the near future.
The data breach was quite expensive for the company. On top of a 400,000 pounds fine received from the Information Commissioner Office, the breach itself caused damages of about 42 million pounds.
“This is a good example that many large companies and organizations can be easily hacked without any expensive 0day exploits or advanced APT techniques. Companies spend millions on emerging security technologies, being partially misguided by market hype around new technologies and AI, forgetting to mitigate the very basic and fundamental risks. A comprehensive and holistic risk assessment remains vital for every company regardless of its size, otherwise, any spending on cybersecurity will be useless,” commented Ilia Kolochenko, CEO of web security company High-Tech Bridge.