Was TalkTalk the wake up the security industry needed?
Was TalkTalk the wake up the security industry needed?

A 17-year-old boy has pleaded guilty to hacking offences which are linked to the data breach at the telecoms company TalkTalk in October 2015.

The boy, who cannot be named as he is underage, has admitted to seven charges under the UK Computer Misuse Act 1990 and will be sentenced on 13 December.

The teen was arrested in Norwich last November after an investigation by the Metropolitan Police Cyber-Crime Unit. Norwich Youth Court was today told he used hacking tools to identify vulnerabilities on target websites. One of the vulnerabilities later turned out to be an SQL injection.

The teen is the first to be charged of the six arrests made in connection with the TalkTalk hack. All those arrested were under 21.

The hack on the firm last October brought cyber-security into the limelight, as it transpired that 160,000 people had their details stolen, leaving them vulnerable to fraud. Since then some had claimed to have lost thousands of pounds as a direct result of the hack.

It was described as a "car crash" earlier in the year by then information commissioner Christopher Graham. The Information Commissioner's Office went on to fine TalkTalk a record £400,000 last month for a lack of sufficient security, meaning attackers could access customer data with "ease".

When it released its financial results in July, TalkTalk revealed the attack cost it £42 million.

Alex Mathews, EMEA technical manager of Positive Technologies told SCMagazineUK.com: "The fact a 17 year-old could be involved in a cyber-attack which wipes millions off a large company's value is a stark reminder of the times. Big companies simply must pay heed. This is another wakeup call to the fact there are young individuals hidden deep online who continually probe businesses for weakness through websites and other connected interfaces.”