Hackers jailed for stealing TalkTalk customer details in £77m attack

TalkTalk headquaters in west London Credit: PA

Two friends have been jailed for their roles in a £77 million hack on the TalkTalk website.

Matthew Hanley, 23, and Connor Allsopp, 21, both from Tamworth in Staffordshire, admitted charges relating to the massive data breach of customers’ details in 2015.

At the Old Bailey on Monday, Judge Anuja Dhir QC jailed Hanley for 12 months and Allsopp for eight months.

She said it was a tragedy to find “two individuals of such extraordinary talent” in the dock.

She told the pair: “You were both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk.

“The prosecution accept that neither of you exposed the vulnerability in their systems, others started it, but you at different times joined in.

“The attack led to you and others gaining access to TalkTalk’s clients’ confidential information. The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there.

“Given the scale of the attack, the number of people whose confidential information was stolen and then passed on to others, I’m sure that your actions caused misery and distress to many thousands of the customers of TalkTalk.

“Your actions, the actions of others, resulted in the then-CEO of TalkTalk being subjected to repeated attempts to blackmail her for money. You were not personally involved in making those attempts but your actions helped facilitate it.”

The court heard how TalkTalk spotted “latency issues” on its website early on October 21 2015 and launched an investigation.

Later that day, then-chief executive Dido Harding was subjected to repeated attempt to blackmail her, with demands for Bitcoins in exchange for stolen data.

TalkTalk reported the cyber attacks to police and the National Crime Agency and the next day made public statements to alert customers.

Investigations revealed details relating to 156,959 accounts were accessed, and of these, 15,656 had their bank account and sort code numbers accessed.

An analysis by BAE Systems suggested there may have been up to 10 attackers.

Hanley, was described as a “determined and dedicated hacker”.

He admitted hacking TalkTalk and sharing banking and other details of more than 8,000 customers to Allsopp and an online user.

The fourth charge, under the Computer Misuse Act, related to obtaining a number of computer files including names and passwords for server systems belonging to Nasa, handed to Hanley by a Skype contact as a “little present”.

Allsopp admitted supplying a file of TalkTalk customers’ details to an online user for fraud, as well as files for hacking.

Investigating officer, Detective Constable Rob Burrows from the Met Police’s Falcon Cyber Crime Unit, said: “Hanley thought he was clever covering his tracks, concealing and destroying evidence on his computers.

“However the extensive investigation, specialist skills and technical expertise utilised by our team led to the identification of these two virtual offenders bringing them into the ‘real world’. This secured overwhelming digital evidence leading to the guilty pleas and sentencing today.

“Our investigation proves regardless of the efforts and techniques deployed by cyber criminals to conceal their identities and activities, they will leave a trace and will be identified, pursued and prosecuted. “