Police Arrest Third TalkTalk Hack Suspect

Matthew Broersma,

Police searched an address in south Staffordshire and arrested its 20-year-old occupant as the TalkTalk breach investigation continues

Police on Saturday arrested a third suspect in connection with the recent hack of TalkTalk, which said the severity of the breach was less than had been thought.

A 20-year-old man was arrested at an address in south Staffordshire, where police used a search warrant, the Metropolitan Police said on Sunday.

police handcuff security crime keyboard © Oleksiy Mark Shutterstock

Third arrest

The unnamed man was arrested on suspicion of violations of the Computer Misuse Act and was bailed until early March.

Police have also arrested a 15-year-old boy from Northern Ireland and a 16-year-old boy from Feltham, west London, in connection with the attack. The 15-year-old was bailed until November and the 16-year-old until a date that hasn’t been confirmed by police.

Police have also searched a residential property in Liverpool in connection with the breach.

TalkTalk’s systems were breached on 21 October in the third such incident to affect the company within a year.

‘Less extensive than thought’

The company said last week that the extent of the breach was “significantly less” than had been thought. About 21,000 unique bank account numbers and sort codes, 28,000 partial credit and debit card details, 15,000 customer birth dates and 1.2 million email addresses, names and telephone numbers were exposed, TalkTalk said in an advisory.

The card numbers were stored with the middle six digits removed, and TalkTalk said criminals would need more information to exploit bank account numbers and sort codes.

The company is offering users a year’s worth of free credit monitoring and said it will waive termination fees for customers who suffer a monetary loss as a direct result of the hack.

Customer details stolen in previous TalkTalk hacks have been used in scams resulting in the theft of significant amounts of money, but the company maintains it bears no responsibility for fraud cases in which victims have been tricked into providing additional information to criminals.

The Metropolitan Police’s Cyber Crime Unit is continuing to investigate the breach, according to TalkTalk.

Are you a security pro? Try our quiz!