A 17-year-old was just sentenced to 12 months in rehabilitation after confessing to the October 2015 hack of internet service provider TalkTalk. The hacker “admitted seven charges including gathering personal information from customers and posting confidential company information online,” Reuters announced.
When the attack was confirmed, the company was not certain of the exact number of affected customers. Following the hack, personal data of 4 percent of customers, or about 157,000, was leaked, including bank account numbers and sort codes.
“Our ongoing forensic analysis of the site confirms that the scale of the attack was much more limited than initially suspected. It was a difficult decision to notify all our customers of the risk before we could establish the real extent of any data loss,” the company said after the breach. “We believe we had a responsibility to warn customers ahead of having the clarity we are finally able to give today.”
Once the vulnerabilities in the system were revealed, others could also hack the company, which was fined £400,000 for lax security that exposed user data. Subsequently, TalkTalk confirmed that the hack led to a loss of £60 million and 95,000 customers.
“This case involved the deliberate exposure of a security issue on the TalkTalk website which is used by thousands of people every day,” Laura Tams of the Crown Prosecution Service said on Tuesday. “Through analysis of online chats and other digital footprints, prosecutors were able to demonstrate exactly how the defendant found this weakness and shared the details online.”
The hacker also confessed to hacking the University of Cambridge and the University of Manchester.