The hack of telecoms firm TalkTalk dominated the headlines in the United Kingdom last week as the company struggled to respond to accusations that it had dropped the ball (it was the third data breach impacting TalkTalk customers in the last 12 months) and gave customers some poor advice.
I’m not sure if upset TalkTalk customers and rattled investors were relieved to hear that whoever most recently hacked the firm might not have been “Islamic cyber jihadis” after all, or concerned that such a well-known company could have been hacked by a 15-year-old teenager from Northern Ireland using a rudimentary SQL injection attack.
Regardless, the police have now followed up Monday’s raid in County Antrim with a second arrest related to the TalkTalk data breach, this time of a 16-year-old boy at an address in Feltham.
Here is part of what the Metropolitan Police’s press release says:
On Thursday, 29 October, detectives from the Metropolitan Police Cyber Crime Unit (MPCCU) executed a search warrant at an address in Feltham. At the address, a 16-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has now been bailed – we await confirmation of the bail date.
A search of the residential address in Feltham has been completed. Officers have also searched a residential address in Liverpool.
Of course, I have no way of knowing if these teenagers were involved in the hack, and we have to allow proper legal processes to take their course.
But, as I explain in the video I made at the time of the first arrest, any business which has not protected its website against SQL injection attacks probably needs to go back to the classroom itself.
In light of these recent developments, maybe TalkTalk would be wise to hire some teenagers to check out its website security?