British police have arrested a fourth person, a 16 year old boy from Norwich, in connection with the recent cyber-attack on TalkTalk’s website (here), which resulted in the personal details of 1.2 million broadband ISP customers being stolen by Internet criminals.
The attack itself, which appeared to combine a Distributed Denial of Service (DDoS) assault and later an SQL Injection exploit against the ISP’s website, has kept the ISP’s online ordering system offline for nearly two weeks. Further details about exactly what was stolen from TalkTalk’s servers were revealed last week (here).
Other than yesterday’s event the police have also arrested another 16-year-old boy in west London, a 15-year-old boy in Northern Ireland and a 20-year-old man from Staffordshire in central England; all under the Computer Misuse Act. So far three of those have been released on bail pending a further hearing.
At this stage it’s unclear whether all of those who have been arrested are directly connected to the hack itself or merely got caught up in the aftershocks, such as by sharing the database in public. The investigation continues.
UPDATE 10:31am
The Culture, Media and Sport Commons Select Committee have today launched an inquiry into cyber security following the recent hack of TalkTalk’s website, which will also examine any wider implications for the ISP and telecoms market.
Jesse Norman MP, Chair of the Committee, said:
“The recent events have highlighted serious issues relating both to existing cyber-security and the response to cyber-crime. This Committee is concerned with the attacks on TalkTalk specifically as a telecoms and internet service provider, but with the recent move of the Information Commissioner’s Office to DCMS, we will also be looking more widely at the security of personal information online.”
The Committee is seeking views on following areas:
* The nature of the cyber-attacks on TalkTalk’s website and TalkTalk’s response to the latest incident.
* The robustness of measures that telecoms and internet service providers are putting in place to maintain the security of their customers’ personal data and the level of investment being made to ensure their systems remain secure and anticipate future threats.
* The nature, role and importance of encryption in protecting personal data.
* The adequacy of the supervisory, regulatory and enforcement regimes currently in place to ensure companies are responding sufficiently to cyber-crime.
* The adequacy of the redress mechanisms and compensatory measures for consumers when security breaches occur and individuals’ personal data are compromised
* Likely future trends in hacking, technology and security.
The deadline for written submissions is Monday 23rd November 2015 and you can find more details on the Government’s website (here).
Comments are closed