Fifth suspect arrested over TalkTalk hack

An 18-year-old is being accused of blackmail relating to the devastating cyberattack.


A fifth suspect has been arrested in connection with the TalkTalk data breach that resulted in the loss of sensitive data belonging to over a million customers.

The Metropolitan Police Service's Cyber Crime Unit (MPCCU), leading the investigation into the TalkTalk hack, said in a statement late Tuesday that an 18-year-old has been arrested in Llanelli, Wales.

The unnamed suspect was arrested on suspicion of blackmail and taken into custody at a Dyfed Powys police station. On October 23, TalkTalk CEO Dido Harding admitted the telecommunications provider had received a blackmail noticed delivered to her inbox, although no more details concerning the ransom have been released.

In October, TalkTalk admitted to a security breach on its systems. Originally it was believed that all four million customers of the ISP may have had their data stolen, which could pave the way for identity theft and banking fraud.

Harding is still unsure just how many of the company's four million customers have been affected by the cyberattack, but the latest estimates suggest that fewer than 21,000 unique bank account numbers and sort codes, 28,000 obscured credit and debit card details and 15,000 customer dates of birth were exposed.

However, up to 1.2 million customer email addresses, names and phone numbers may have been compromised.

TalkTalk has admitted that not all customer data was encrypted, but said at the time "systems were as secure as they could be."

See also: The TalkTalk aftermath: Social engineering and empty bank accounts

While the current estimates are still damaging to many UK customers, the breach does not appear to be as serious as previously thought. Customers should still keep an eye on their credit scores, however, and banks have been notified to stay on guard for potential fraudulent activity.

The 18-year-old joins a 15-year-old boy, two 16-year-old boys and a 20-year-old man all arrested on suspicion of Computer Misuse Act offences, which can result in up to a ten-year prison sentence and an unlimited fine. All four have been bailed until next year.

The investigation, ran by the MPCCU, the Police Service of Northern Ireland (PSNI)'s cybercrime unit and the UK National Crime Agency (NCA), is ongoing.

Read on: Top picks