Two men imprisoned for their involvement in the 2015 TalkTalk hack
Two men have been jailed in England for their parts in the TalkTalk hack that occurred in October 2015. Matthew Hanley and Connor Allsopp, aged 23 and 21, have been sentenced to 12 and eight-months imprisonment on several charges of obtaining and distributing TalkTalk customer data including the bank details of up to 8,000 customers. Neither man started or exposed the vulnerability in TalkTalk's systems according to Judge Anuja Dhir QC, who remarked that Hanley and Allsopp were "individuals of such extraordinary talent".
BAE Systems suggests that there were up to 10 hackers who caused TalkTalk an estimated £77 million (~ US$98.5 million) in losses, according to The Guardian. Hanley sent a dump of TalkTalk customers' personal and financial details to Allsopp, according to the prosecutor. Allsopp then supplied a file to an online contact that contained TalkTalk customer details for the purpose of fraudulently misusing them, an allegation that he confirmed.
Allsopp also sent the contact files that aided the hack. In a Skype message between the two men, Hanley told Allsopp to "be careful with that dump, don't sell unless 1,000+ and you didn't get it from me." Hanley had been sent files and passwords from a NASA server system by a Skype contact too.
The hack reportedly compromised details of 156,959 customers including 15,656 customers' bank account numbers and sort codes, according to the Information Commissioner's Office (ICO.) The attack occurred between 18 and 22 October 2015, during which hackers subjected the TalkTalk website to DDoS attacks before using SQL injections to compromise the company's SQL databases that contained customer data.
ICO also found that there had been two similar attacks in July and September 2015, but TalkTalk had not acted as the company did not then monitor its webpages. ICO fined TalkTalk £400,000 (~ US512,000) for its security failings.