TalkTalk hack attack: Friends admit role in £42m cyber attack on website

Francesca Gillett
The £42 million hack happened in October 2015: Stefan Wermuth/Reuters

Two friends could face jail for their part in the £42 million hacking attack on website TalkTalk.

The two men today pleaded guilty to charges relating to the massive security breach in October 2015, which saw thousands of customers’ information stolen.

Matthew Hanley, 22, and Connor Allsopp, 20, both from Tamworth in Staffordshire, admitted charges on Wednesday.

Hanley pleaded guilty to hacking into the website of the telecommunications giant between October 18 and 22 2015.

He also passed on data for hacking to another man and gave his friend Allsopp a spreadsheet containing the personal and financial details of a TalkTalk customer for the use in fraud.

At an earlier hearing, his friend Allsopp, of Coronation Street, admitted supplying a TalkTalk customer's details for fraud and as well as files for hacking.

Judge Michael Topolski QC ordered reports for both defendants and adjourned sentencing until May 31.

In November last year, a 17-year-old youth was handed a 12-month rehabilitation order after he admitted sparking off the TalkTalk hacking when he posted details of a chink in the firm's online security.

Even though he did not gain from it, the youth paved the way for others to exploit the weakness for money by accessing the data of 160,000 people.

The teenager found the vulnerability in the TalkTalk website using "legitimate software" and shared details of this online.

The TalkTalk website was targeted more than 14,000 times after the boy exposed the vulnerability.

The cyber attack saw thousands of customers' details available to hackers. (Shutterstock )

The firm said the fallout from the cyber attack in October 2015 cost it £42 million and the personal data of nearly 160,000 people was accessed.

The teenager told magistrates at Norwich Youth Court that he was "just showing off to my mates".

Detectives identified Hanley as a suspect in the early stages of their investigation and he was arrested on October 30 2015, Scotland Yard said.

Officers seized electrical equipment from his home but found they had been wiped or the data encrypted.

But when they looked at his social media accounts, detectives discovered Hanley had discussed hacking into TalkTalk's website and getting rid of incriminating evidence.

Hanley, of Devonshire Drive, denied other charges relating to hacking into Nasa, the National Climatic Data Centre and another 23 websites including Spotify, Telstra, the RAC and The Eton Collection which were ordered to lie on file.

DCI Andy Gould, from the Met's Falcon Cyber Crime Unit, said: "Hanley hacked into TalkTalk's website in order to steal their customers' data and looked to sell it on to other criminals and fraudsters who would then go on to use that data for other criminal purposes.

"Hanley thought that he was being smart and covering his tracks by wiping his hard drives and encrypting his data. But what our investigation shows is that no matter how hard criminals try to conceal their activity, they will leave some kind of trail behind.

"This investigation has been painstaking and the work our detectives have done to trace and identify those involved has combined cutting-edge digital forensic techniques with old-fashioned detective work that has led to the conviction of several of those involved, and the investigation continues."

By using Yahoo you agree that Yahoo and partners may use Cookies for personalisation and other purposes