This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/uk-news/2015/oct/27/talktalk-boy-arrested-alleged-cyber-attack-bailed-northern-ireland

The article has changed 6 times. There is an RSS feed of changes available.

Version 2 Version 3
TalkTalk hack: boy arrested over alleged cyber-attack is bailed TalkTalk hack: boy arrested over alleged cyber-attack is bailed
(about 2 hours later)
A teenage boy who was arrested in Northern Ireland as part of the investigation into the alleged cyber-attack on TalkTalk has been released, police have said.A teenage boy who was arrested in Northern Ireland as part of the investigation into the alleged cyber-attack on TalkTalk has been released, police have said.
Scotland Yard said the 15-year-old was freed on bail until a date in November pending further inquiries on Tuesday morning. He had been arrested on Monday afternoon at a house in the Ballymena area of County Antrim. Scotland Yard said the 15-year-old was questioned on suspicion of offences under the Computer Misuse Act, but freed on bail on Tuesday morning pending further inquiries.
The boy was initially arrested by the Police Service of Northern Ireland (PSNI) and questioned by officers from the Metropolitan police’s cybercrime unit. The North Antrim MP Ian Paisley urged the press to respect the privacy and requests of the family of the boy, after he was named in some media reports.
Related: TalkTalk cyber-attack: company unsure how many customers affected The Democratic Unionist MP said: “I have spoken with the mother of the teenager arrested and bailed in relation to the TalkTalk case. The family are trying to come to terms with this situation and although they appreciate the wide public and press interest in this matter, can I appeal for the press to cease contacting the family at their home.
“They cannot comment publicly and the teenager in question cannot make any public comments. I would appeal to the press to respect the family’s request for privacy and allow the process of law and order to run its course.”
The boy was arrested on Monday afternoon at a house in the Ballymena area of County Antrim by the Police Service of Northern Ireland (PSNI) and questioned by officers from the Metropolitan police’s cybercrime unit.
His arrest was the first major development since the phone and broadband provider said last week it had been hacked, prompting warnings from the company that the bank details and personal information of its 4 million customers may have been accessed.His arrest was the first major development since the phone and broadband provider said last week it had been hacked, prompting warnings from the company that the bank details and personal information of its 4 million customers may have been accessed.
The boy was questioned overnight by officers at an Antrim police station on suspicion of offences under the Computer Misuse Act. A search of the address where he was arrested was carried out and enquiries continue, police said on Tuesday. Related: TalkTalk cyber-attack: company unsure how many customers affected
A statement from the PSNI said: “A 15-year-old youth, arrested in County Antrim yesterday as part of the investigation into the alleged theft of data from the firm Talk Talk, has been released on bail pending further enquiries.
“The investigation being conducted by the Metropolitan police cyber crime unit, Police Service of Northern Ireland and National Crime Agency is continuing.”
Jonathan Craig, a Democratic Unionist member of Northern Ireland’s Policing Board, said the arrest of the boy was part of the most significant investigation into alleged hacking in the region ever.Jonathan Craig, a Democratic Unionist member of Northern Ireland’s Policing Board, said the arrest of the boy was part of the most significant investigation into alleged hacking in the region ever.
Craig said if the boy was proven to have taken part in the alleged hack, it would raise serious questions about how a teenager in Co Antrim could have been able to infiltrate a major telecommunications company.Craig said if the boy was proven to have taken part in the alleged hack, it would raise serious questions about how a teenager in Co Antrim could have been able to infiltrate a major telecommunications company.
A statement from TalkTalk on Monday said: “We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police. We will continue to assist with the ongoing investigation. Meanwhile, TalkTalk, which has four million UK customers, has pledged to waive exit fees in some cases where people want to leave their contract - but only if money is stolen from them.
“In the meantime, we advise customers to visit http://talktalk.co.uk/secure for updates and information regarding this incident.” In order to leave without being hit by a termination fee, customers will need to show that money was stolen from their bank account as a direct result of the cyber attack and not because they have handed over their personal details themselves.
On Monday, it was announced that TalkTalk executives were to be summoned before MPs to explain how hackers were able to steal customer bank details as the company continues to try to limit the damage of last week’s cyber-attack. The phone and broadband provider has said that in the “unlikely” event that cash is taken from someone’s account as a direct result of the cyber attack, then it will waive termination fees as a “gesture of goodwill”.
The culture minister, Ed Vaizey, told the House of Commons that an inquiry into the TalkTalk hack would be launched by Jesse Norman, chair of the culture, media and sport select committee. Customers will need to write to TalkTalk with proof of the fraudulent bank transaction and termination fees will be waived on a “case by case” basis, TalkTalk said.
It has also emerged that the company could face claims amounting to millions of pounds from fraud victims who lose out as a result of the attack. The company has lost about £360m in value since it revealed details of the alleged attack last Thursday. Which? executive director Richard Lloyd said TalkTalk’s pledge is the “bare minimum” and urged it to consider all the ways in which customers could lose out from having their data compromised.
As investigations by both the Met and the Information Commissioner’s Office (ICO) continue, the focus is turning to whether the company had properly protected itself, and whether sufficient fines are in place for data breaches. He said: “TalkTalk must treat their customers fairly by letting those affected leave their contracts without penalty and consider offering appropriate compensation.”
The company chief executive, Dido Harding, insisted in the wake of the hack that the company’s cybersecurity was “head and shoulders” better than its competitors. TalkTalk said customers should monitor their accounts over the coming months and report anything unusual to Action Fraud. It has said that bank account numbers and sort codes, like those printed on a cheque, may have been accessed.
Security experts have been queuing up to claim that the TalkTalk attack was nothing out of the ordinary, and to point out the company’s failings. However, it also said: “Without more information, criminals can’t use these to take money from your bank account. Even then, the chances are very small indeed.”
One, Adrian Culley, a former Met detective and now a security consultant, has likened it to the Great Train Robbery and said the potential liability for TalkTalk could be “huge”. TalkTalk’s share price jumped more than 9% in early trading on Tuesday, following a sharp fall of more than 12% on Monday.
Announcing the inquiry, Vaizey described the hack as “very serious”, although he said any compensation for customers would be a matter for the information commissioner. The company said it was working with cyber crime experts, the security services and the police to complete a “thorough investigation”.
An ICO spokesperson said: “Our investigations into previous incidents are ongoing, and it wouldn’t be appropriate to presume a company had breached the Data Protection Act until our enquiries are complete. But what is clear is that organisations do need to make sure they have the appropriate level of security in place to protect the customer information they hold. If they don’t, we will act.”
Vaizey said the ICO can already levy significant fines but told MPs he was “open to suggestions” about how the situation could be improved.
TalkTalk is facing a maximum fine of £500,000 despite its annual turnover of £1.8bn.
The consumer group Which? called on the company to release affected customers without imposing early termination charges.
The telecoms regulator Ofcom said on Monday it was “extremely concerned about the data breach and any potential effects” on customers.
“Until all of the facts have been established it is too early to say whether TalkTalk customers would have the right to terminate their contract,” said a spokeswoman.