
Hackers jailed for one of the biggest data breaches in history

Two friends from Staffordshire who carried out a huge data hack have been jailed. The pair, who are aged just 21 and 23, breached the TalkTalk website in 2015 as part of a group of hackers.

During the raid, the pair managed to get away with the names, addresses and dates of birth of 1.6 million TalkTalk customers, before sharing much of the data online. They pleaded guilty last year to various charges related to the cyberattack.

How did the hack affect TalkTalk?

TalkTalk was subsequently fined £400,000 by the Information Commissioner’s Office (ICO) for not appropriately securing the data. In total it is thought that the cybersecurity incident has cost the telecoms firm a whopping £77 million in lost business.

In this case, the flaw in TalkTalk’s website that sparked the breach was exposed by another 17-year-old boy. The “significant, sophisticated systematic hack” is thought to be one of the biggest data breaches in history.

TalkTalk spotted issues with its site on 21 October 2015 and immediately launched an investigation before warning customers the following day. However, an inquiry by the ICO found that insufficient security at the company permitted customer data to be accessed “with ease”, and that TalkTalk could have prevented the data breach if it had taken basic steps to protect its customers’ information.

According to the ICO: “For no good reason, TalkTalk appears to have overlooked the need to ensure it had robust measures in place despite having the financial and staffing resources available”.

What did the judge say?

Following the hack, TalkTalk’s then CEO faced blackmail attempts, with the hackers demanding Bitcoin in exchange for the stolen data.

Commenting on the two hackers, the judge said that they were “individuals of extraordinary talent” and that she was sure that their actions “caused misery and distress to the many thousands of the customers at TalkTalk.”

The pair were also caught with stolen login details to NASA systems.

The judge came down hard on the young cybercriminals, stating that “It is of the first importance that the court sends a clear message. Illegal activities on this scale are not a game. They will be taken very seriously by the courts.”

What to do immediately after a data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you should:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • Contact your bank and/or credit card providers immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords
  • If you are offered any form of compensation or free services from the organisation that put your data at risk it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  • Contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.