A 15-year-old boy has been arrested in Northern Ireland in connection with the investigation into alleged data theft from the TalkTalk website.
“On Monday, 26 October, at approximately 16:20hrs officers from the Police Service of Northern Ireland (PSNI), working with detectives from the Metropolitan Police Cyber Crime Unit (MPCCU), executed a search warrant at an address in County Antrim, Northern Ireland,” the MPCCUstated.
“At the address, a 15-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has been taken into custody at a County Antrim police station where he will later be interviewed. A search of the address is ongoing and enquiries continue.”
No more details are currently available.
TalkTalk commented the arrest by saying that they “are grateful for the swift response and hard work of the police” and that they will continue to assist with the investigation.
Apparently, the amount and “quality” of data stolen following the breach is lesser than it was initially reported: the company did not store complete credit card details on the website, and account passwords weren’t compromised.
News of the breach has affected the company considerably: its shares fell 12% on Monday.
Aside from law enforcement, the UK Information Commissioner’s Office (ICO) has also been informed of the breach and is looking into the matter, trying to establish whether the company has implemented suitable security measures to prevent personal data from being compromised.
TalkTalk CEO Dido Harding previously stated that they were not legally required to encrypt customer bank details.
“If personal data has been stolen, then a notification will be required to the ICO and there is a chance that TalkTalk will suffer fines as a result,” Alex Cravero, commercial associate at technology lawyer firm Kemp Little, toldThe Register.
“At present, the ICO is permitted to fine up to £500,000. If this happened with the GDPR [General Data Protection Regulation] in place, TalkTalk could be looking at significantly greater fines of up to €100 million or 5 per cent of annual turnover.”
TalkTalk could also suffer considerable losses if the stolen information is used to defraud affected customers and they decide to sue the company.