Police have confirmed a second arrest in their investigation of the most recent TalkTalk breach, with a 16 year old Londoner the latest to be assisting with enquiries.
Telcoms giant TalkTalk hit headlines earlier this month when it confirmed a major security breach
that saw personal and banking details - including unencrypted credit card numbers - for its customers taken by persons unknown. In the days that followed, a tale of lax security and failure to follow best practices - including a defence by TalkTalk head Baroness Harding on the company's failure to encrypt customers' personal information by claiming that it was not a legal requirement under the Data Protection Act - emerged, before police made their first arrest: a 15 year old from County Antrim
, Northern Ireland.
Now, police have arrested a second person in connection with the case, and it's again a youth: an unnamed 16 year old male from Feltham, West London, was taken into custody on suspicion of offences against the Computer Misuse Act. Following his arrest, announced this morning, the police released the youth on bail pending formal charges at a date yet to be confirmed.
Rather than reassuring, however, the arrests are likely to prove embarrassing for TalkTalk and worrying for its customers. The company had talked up a 'significant and sustained cyber attack
' against its systems which would otherwise have proven secure - despite two other, less serious, breaches in this year alone - which it now appears was masterminded and carried out by mere youths, a damning indictment of the company's approach to information security.
TalkTalk is continuing to work with the Metropolitan Police Cyber Crime Unit in its investigation of the attack.