Two hackers, Matthew Hanley, 23, and Connor Allsopp, 21, have been sentenced to a total of 20 months in prison for their part in the 2015 TalkTalk cyber attack. Neither Hanley nor Allsopp, both from Tamworth, UK, exposed TalkTalk’s vulnerability but did exploit the security vulnerability in order to steal more than 8,000 customers’ records. The attack, which could have included up to 10 attackers, is believed to have cost TalkTalk £77 million.
Hanley was described as a dedicated hacker and that he was on the one that shared the customer details with Allsopp. Subsequently, Allsopp passed on the details to another user for the purposes of fraud, he also supplied them with the tools for doing further hacks. The then-CEO, Dido Harding, was blackmailed with the stolen data with the perpetrators demanding payment in bitcoin. While these two were not doing the blackmailing, the judge said Hanley and Allsopp “helped facilitate it.”
Judge Anuja Dhir QC, commenting on the case, said:
“Given the scale of the attack, the number of people whose confidential information was stolen and then passed on to others, I’m sure that your actions caused misery and distress to many thousands of the customers of TalkTalk.
The prosecution accept that neither of you exposed the vulnerability in their systems, others started it, but you at different times joined in.
The attack led to you and others gaining access to TalkTalk’s clients’ confidential information. The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there.”
Hanley was sentenced to 12 months in jail, while Allsopp was sentenced to just eight; given the rules around sentences in the UK, the pair could be out quite a bit sooner.