UK police have arrested and bailed a fourth man in connection to TalkTalk's hack which left millions of customers exposed to fraud and potential identity theft.
The UK's Metropolitan Police Cyber Crime Unit (MPCCU) and National Crime Agency (NCA) said in a statement that an arrest was made in Norwich on Tuesday evening concerning the telecommunication provider's data breach.
Armed with a search warrant, law enforcement arrested a 16-year-old boy on suspicion of Computer Misuse Act offences, but the teenager has now received bail.
Earlier this month, TalkTalk admitted to a data breach and the subsequent theft of customer data. Originally, it was believed the hack affected up to four million customers, although TalkTalk now says less than 21,000 unique bank account numbers and sort codes, 28,000 obscured credit and debit card details and 15,000 customer dates of birth were exposed.
However, anything up to 1.2 million customer email addresses, names and phone numbers were also lost in the breach -- and this data is more than enough for scammers to sell and use to target consumers.
An investigation into the data breach by the MPCCU, alongside the Police Service of Northern Ireland (PSNI)'s Cyber Crime Centre (CCC) and the NCA, is ongoing. The unnamed 16-year-old will be on bail pending further enquiries to a date in late March 2016.
The teenager joins three others who have also been granted bail for now -- a 20-year-old from Staffordshire, a 16-year-old boy from Feltham and a 15-year-old boy from County Antrim, Northern Ireland. Every suspect is under suspicion for Computer Misuse Act offences related to the breach.
TalkTalk has warned banks dealing with exposed accounts to watch out for fraudulent.
However, the damage is unfortunately already being done, with customers being scammed out of their savings not only through social engineering techniques but through fake customer support reps calling customers -- armed with valuable information -- to coax people into handing over additional data or control of their PCs.
In an email to customers, the telecoms provider said:
"We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly."
This might be downplayed somewhat, especially as a look over the TalkTalk forums suggests otherwise. It appears that scammers using customer data are pretending computers or "broadband" is infected, and they need the customer to input codes on a domain to resolve the issue -- which then gives remote access to the criminal.
A TalkTalk representative on the forum said in response to customer complaints that "we have and continue to block many known scam call numbers from accessing our network to reduce the impact this is having on our customers."
If you want to hear an example of some of the scam calls being made to TalkTalk customers -- potentially to warn family or friends -- click here.
Read on: Top picks