Police make second arrest following TalkTalk data hack
A second teenage boy has been arrested in connection with the cyber attack on TalkTalk.
Detectives from the Metropolitan Police Cyber Crime Unit arrested a 16-year-old boy at an address in Feltham, London, on suspicion of Computer Misuse Act offences. The boy has since been bailed.
Officers have completed a search of the address in Feltham and are also searching a residential property in Liverpool.
A 15-year-old boy from County Antrim, Northern Ireland, was arrested on Monday by officers from the Police Service of Northern Ireland, working with detectives from the Cyber Crime Unit.
He was questioned at a police station in County Antrim before being bailed until November.
TalkTalk confirmed last week that its website had been hacked, compromising the personal data of its four million customers.
It has since said the amount of data potentially stolen is “smaller than originally thought” and it will only waive contract termination fees on a "case by case basis" if money is stolen from a customer’s bank account as a direct result of the attack.
But legal experts have said that customers may be able to get out of their contracts – as long as they can prove that the company seriously breached the terms of its contract.
TalkTalk – which has been attacked three times this year – said investigations so far suggest the information accessed is not enough on its own to take money from customers’ bank accounts.
The company said at the weekend that no ‘My Account’ passwords had been accessed and any card details that may have been stolen had the middle six digits blanked out.
“The number of customers affected and the amount of data potentially stolen is smaller than originally thought,” it said in a statement.
“Our website was attacked, but our core systems weren’t and remain secure.”
The provider has offered customers 12 months’ free credit monitoring through credit reporting service Noddle.
'Scale of attack'
UPDATE: TalkTalk has revealed that the amount of personal data accessed in the attack was "significantly less than originally suspected".
The provider said it included up to 21,000 unique bank account numbers and sort codes; up to 28,000 obscured credit and debit card details – with the middle six digits removed.
Up to 15,000 customer dates of birth were accessed, along with up to 1.2m customer email addresses, names and phone numbers.
TalkTalk said the credit and debit card details cannot be used for financial transactions and it has shared the affected bank details with the major UK banks so they can take protect customers’ accounts.
CEO Dido Harding said: "Given the potential size of this attack, we decided to be as open, honest and transparent as we could because we wanted to keep our customers informed and ensure they had the advice and support they need.
"Today we can confirm that the scale of attack was much smaller than we originally suspected, but this does not take away from how seriously we take what has happened and our investigation is still on going.
"On behalf of everyone at TalkTalk, I would like to apologise to all our customers. We know that we need to work hard to earn back your trust and everyone here is committed to doing that."
Why do we need your postcode?
Once you enter your postcode, Cable.co.uk will perform a live lookup and check all the available providers in your area.
This ensures you receive accurate information on the availability of providers and packages in your area.
Your information is safe with us. We won't share your postcode with anyone. Guaranteed.