Welcome Your IET account
cyber attack

Two men admit guilt in TalkTalk hacking case that cost firm £42m

Two men in their twenties have admitted charges relating to the cyber-attack on internet service provider TalkTalk in late 2015 that cost the company £42m.

Matthew Hanley, 22, and Connor Allsopp, 20, both from Tamworth in Staffordshire, admitted charges relating to the massive data breach in 2015.

Hanley pleaded guilty to hacking into the website of the telecommunications giant between October 18 and 22, 2015.

He also supplied data for hacking to another man and gave his friend Allsopp the personal and financial details of a TalkTalk customer for the use in fraud.

The attack was the third that TalkTalk had experienced in just one year and resulted in over 150,000 customer details being leaked. 

The company hired the cyber arm of defence contractor BAE Systems to investigate the breach. 

Hanley denied other charges relating hacking into Nasa, the National Climatic Data Centre and another 23 websites including Spotify, Telstra, the RAC and The Eton Collection which were ordered to lie on file.

At an earlier hearing, Allsopp admitted supplying a TalkTalk customer’s details for fraud and as well as files for hacking.

Judge Michael Topolski QC ordered reports for both defendants and adjourned sentencing until 31 May.

In November last year, a 17-year-old youth was handed a 12-month rehabilitation order after he admitted sparking off the TalkTalk hacking when he posted details of a chink in the firm’s online security.

Even though he did not gain from it, the youth paved the way for others to exploit the weakness for money by accessing the data of 160,000 people.

The teenager found the vulnerability in the TalkTalk website using “legitimate software” and shared details of this online.

The TalkTalk website was targeted more than 14,000 times after the boy exposed the vulnerability.

The firm said the fallout from the cyber-attack in October 2015 cost it £42m while the teenager told magistrates at Norwich Youth Court that he was “just showing off to my mates”.

Detectives identified Hanley as a suspect in the early stages of their investigation and he was arrested on 30 October 2015, Scotland Yard said.

Officers seized electrical equipment from his home but found they had been wiped or the data encrypted.

But when they looked at his social media accounts, detectives discovered Hanley had discussed hacking into TalkTalk’s website and getting rid of incriminating evidence.

The chat logs also revealed that having stolen the data from TalkTalk, Hanley got Allsopp to try to sell the personal data of customers.

After Allsopp was arrested in April last year, he admitted the scheme but said it had been unsuccessful, police said.

Detective Chief Inspector Andy Gould, from the Met’s Falcon Cyber Crime Unit, said: “Hanley hacked into TalkTalk’s website in order to steal their customers’ data and looked to sell it on to other criminals and fraudsters who would then go on to use that data for other criminal purposes.

“Hanley thought that he was being smart and covering his tracks by wiping his hard drives and encrypting his data. But what our investigation shows is that no matter how hard criminals try to conceal their activity, they will leave some kind of trail behind.

“This investigation has been painstaking and the work our detectives have done to trace and identify those involved has combined cutting-edge digital forensic techniques with old-fashioned detective work that has led to the conviction of several of those involved, and the investigation continues.”

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles

Info Message

We use cookies to give you the best online experience. Please let us know if you agree to all of these cookies.

Learn more about IET cookies and how to control them