Staffordshire Pair Jailed For Role In Massive TalkTalk Breach

Two Staffordshire men have been jailed after admitting the roles they played in a huge data breach at TalkTalk in 2015 that cost the ISP £77 million.

Matthew Hanley, 23, was jailed for 12 months and Connor Allsopp, 21, for eight months. Both men are from Tamworth.

On Monday judge Anuja Dhir QC of the Old Bailey said it was tragic to find two individuals of “extraordinary talent” in the dock, according to The Guardian.

“You were both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk,” she said. “Neither of you exposed the vulnerability in their systems, others started it, but you at different times joined in.”

‘Misery and distress’

She said their actions had caused “misery and distress to the many thousands of the customers at TalkTalk”.

Hanley pleaded guilty last year to taking part in the hack, which occurred from 18-22 October 2015, and to supplying data on the site’s vulnerabilities to another man, as well as to giving his friend Allsopp users’ personal details for use in fraud.

He was also found to have obtained a file of names and passwords for NASA servers, passed to him by a Skype contact as a “little present”.

Allsopp  admitted to supplying a file of TalkTalk customer data to a contact for fraud, and also to supplying vulnerability data on the TalkTalk website.

Prosecutor Peter Ratliff described Hanley as a “determined and dedicated hacker”, and noted that he had erased the contents of his computer before his arrest.

Investigators determined what his actions had been by extracting data from the wiped system and from Skype messages.

‘It’s jail time’

An analysis by BAE Systems suggested up to 10 individuals may have participated in  the attack.

Hanley sent details on more than 8,000 bank accounts to another user, with the message “Mate, it’s jail time”, the court heard.

The prosecution did not view the file itself but deduced its contents by the fact that “it was that material he repeatedly boasted of having”, Ratliff said.

He told the contact: “Be careful with that dump, don’t sell unless 1,000+ and you didn’t get it from me.”

A 17-year-old boy admitted in November 2016 to posting details of TalkTalk vulnerabilities, which information later led to the breach, telling Norwich Youth Court he was just “showing off”.