The teenage prime suspect arrested by police investigating a cyber attack at TalkTalk has been released on bail.
Police arrested the 15-year-old at his family's home in Ballymena,
Northern Ireland, on Monday. He was released on bail on Tuesday morning
after being questioned by detectives overnight and will be required to
report back to police next month.
The teenager, from Ballymena, County Antrim, was questioned overnight
by officers from the
Metropolitan police’s cybercrime unit on suspicion
of Computer Misuse Act offences. Anyone found guilty under the
legislation facesup to 10 years in jail and an unlimited fine.
Neighbours at the family's Unionist estate said that the police were
still there at 11pm on Monday night. Kathy Haveron, 39, told the Telegraph: "I got home from my mum's at 11pm last night and there were still police around. They were around most of the night."
His age came as a shock to security experts who believed that Russia or Isis was behind the attacks.
In an internet post last year the teenager said he is a keen video
game player. “I’m a 14 year old gamer who one day wants to be a
professional call of duty player," he wrote.
TalkTalk said it is working with cyber crime experts, the security
services and the police to complete a “thorough investigation” following
last week’s data theft. The National Crime Agency is also working on
the joint investigation and MPs have also launched an inquiry.
TalkTalk, which has more than four million customers in the UK, said
bank details and personal information could have been accessed, but
credit and debit card numbers had not been stolen. It is the third time
in nine months that the company’s security systems have been breached by
hackers leaving customers furious.
TalkTalk pledged to waive exit fees in some cases where people want
to leave their contract - but only in the “unlikely” event money is
stolen from them. Customers will need to show that money was stolen from
their bank account as a direct result of the cyber attack - and not
because they have handed over their personal details themselves – if
they want to avoid being charged a termination fee, TalkTalk said.
Millions of people who cancelled their TalkTalk contracts years ago
may also have fallen victim to the cyber attack. One former customer
told the Independent he was shocked to discover the company retained his
personal information despite closing his account months ago.
The man in his 60s, who did not want to be identified, only
discovered his details were still being retained when he contacted the
firm on behalf of his mother to set up an account for her. He gave his
email address for the main contact, but it was rejected as he “already
had a TalkTalk account”.
The former customer was told that the TalkTalk system remembers all
email addresses to enable the company “to refuse other users from using
the same email address”.
He was told: “No one can use your email address with TalkTalk again because it is considered as ‘orphaned’.”
Another customer services representative quoted the Data Protection
Act and told the man: “Orphaned email addresses must never be removed
from the original account and added to another account. Do not reset
passwords for orphaned accounts. Never delete an orphaned email address.
Orphaned email addresses should never be added to another account, even
when the owner of the original e-mail address is deceased.”
The man told the Independent: “I am concerned that an organisation so
clearly prone to data loss is jeopardising all its previous customers
too, by issuing internal edicts that no data should be deleted, even
when a customer leaves. I’d like to think that when I leave a company my
data goes with me, not that it retains their property to retain and use
as they see fit.”
A spokesman for TalkTalk, which has been operating since 2006, said:
“There is a risk and a chance that some previous TalkTalk customers’
details were stored on the website. At the moment we can’t rule it out.
“We know this has been a worrying time for customers and we are
grateful for the swift response and hard work of the police. We will
continue to assist with the ongoing investigation.”
There was some better news for the company today as shares rebounded
nine per cent following a 12 per cent drop the previous day.
Meanwhile Financial Fraud Action UK warned consumers that fraudsters
could capitalise on confusion following the hack to trick people into
handing over personal details about themselves, which can then be used
to empty victims’ bank accounts.
It said that people should be “extremely wary” of any call, text or
email they receive out of the blue, even if it claims that there has
been fraud on their account.
Dave Palmer, Director of Technology at cyber threat defence company
Darktrace, said: “This is the latest example that shows cybersecurity is
a real challenge for every business, and Board of Directors should
waste no time in taking a good look at their organisation and addressing
its vulnerabilities.”
Subscribe to:
Post Comments (Atom)
No comments:
Write comments