TalkTalk data breach
A 17-year-old boy has admitted that he hacked TalkTalk last October, but claimed he was “just showing off” to friends.
The boy told magistrates: “I didn’t think of the consequences at the time. I was just showing off to my mates.”
“It was a passion, not any more. I won’t let it happen again. I have grown up,” he added.
He was in attendance at Norwich Youth Court where he will be sentenced next month after pleading guilty to seven hacking-related charges.
>See also: 7 key lessons from TalkTalk’s data breach
Sentencing will fall under breaching the Computer Misuse Act. A further six other people were arrested in connection with the attack, and the boy’s solicitor Chris Brown stressed he had played a small part in the scam, adding his behaviour had been that of an immature 16-year-old.
The teenager told the court that he had used hacking tool software to identify vulnerabilities on target websites.
The data breach, in October 2015, exposed 157,000 TalkTalk customers email addresses, names and phone numbers, as well as 21,000 unique bank account numbers and sort codes.
Talk Talk’s data breach resulted in the theft of personal details belonging to 157,000 customers.
The resulting £400,000 fine, imposed last month, was the highest ever imposed by the Information Commissioner’s Office (ICO), with TalkTalk’s lacklustre cyber security the main issue.
The Information Commissioner, Elizabeth Denham, said that TalkTalk’s “failure to implement the most basic cyber security measures allowed hackers to penetrate systems with ease”.
The ICO’s stance should act as a warning to others that it’s taking the safeguarding of data seriously.
As businesses continue to collect and store more sensitive information on customers, employees and partners, the regulator will use all its power to ensure firms are held accountable.
Building up to the new EU GDPR, getting a business’s house in order will become increasingly important.