Cut off: Teenager behind £42m TalkTalk hack has hard drive taken away

A teenager found a vulnerability in the TalkTalk website using 'legitimate' software
A teenager found a vulnerability in the TalkTalk website using 'legitimate' software
Have your say

A 17-year-old boy who admitted hacking offences linked to the TalkTalk data breach has been given a 12-month youth rehabilitation order and had his iPhone and computer hard drive confiscated.

The teenager, who cannot be named for legal reasons, found a vulnerability in the website using “legitimate software” and shared details of this online, an earlier hearing at Norwich Youth Court was told.

While he did not exploit the information for gain, the TalkTalk website was targeted more than 14,000 times after the boy exposed the vulnerability.

The firm said the fallout from the cyber attack in October 2015 cost it £42 million and the personal data of nearly 160,000 people was accessed.

The teenager told magistrates “I was just showing off to my mates” as he admitted seven hacking offences.

In a Skype conversation on the day of the breach, he told a friend he had “done enough to go to prison”.

Sentencing him on Tuesday, chair of the bench Jean Bonnick said: “Your IT skills will always be there - just use them legally in the future.”

Two of the seven charges related to the TalkTalk hack, and the boy admitted targeting other websites including Manchester University, Cambridge University and that of Merit Badges, a small family company which supplies martial arts badges.

An application to lift reporting restrictions on the court case and name the teenager was refused by magistrates.

Chris Brown, mitigating, said there had been full reporting of the facts of the case, the application should have been made sooner and naming the teenager could harm his rehabilitation.

“Part of the work that’s ongoing is to draw him out of his bedroom and into the family and properly into the public arena, to someone who doesn’t hide behind a computer for nefarious purposes,” he said.

“He has already committed an offence that has changed his life within his family, his home, his future prospects.

“I would ask you don’t expose that to the world for him to continue to bear that burden through his young life.”

He said the teenager was from a supportive family but the “one place you can’t be so protective these days is online”.

The teenager, who sat with his mother in court, spoke only to confirm that he understood the proceedings.

Ms Bonnick, refusing the application, said: “It’s the bench’s view that this application was not made in a timely fashion.”

After the hearing, Laura Tams, of the Crown Prosecution Service Organised Crime Division, said: “This case involved the deliberate exposure of a security issue on the TalkTalk website which is used by thousands of people every day.

“Through analysis of online chats and other digital footprints, prosecutors were able to demonstrate exactly how the defendant found this weakness and shared the details online.”

The teenager must complete 24 hours of activities as part of the youth rehabilitation order, and he was ordered to pay £85 court costs and a £15 victim surcharge.