Two chaps in the UK have admitted stealing more than 150,000 customer records from TalkTalk.
Matthew Hanley, 22, and Connor Douglass Allsopp, 20, both from Tamworth, England, copped to charges in connection to the 2015 attack on the broadband ISP's systems and subsequent attempts to sell people's personal data to fraudsters.
Hanley pleaded guilty to three charges of violating the Computer Misuse Act and one charge of supplying an article for use in fraud, while Allsopp pleaded guilty to supplying an article for use in fraud and supplying an article intended for use in the commission of an offence.
The pair were among a group of four arrested by UK police in connection with the TalkTalk attack. Along with Allsopp and Hanley, Daniel Kelley, 19, of Wales and a juvenile from Norwich were nabbed for the heist.
According to Met Police, Hanley had attempted to hide traces of the attack from authorities by encrypting some data and wiping the rest. Instead, police say they accessed his social media accounts to get logs of conversations he had on the attack.
The police used news of the guilty pleas to take a victory lap.
"Hanley thought that he was being smart and covering his tracks by wiping his hard drives and encrypting his data," said Detective Chief Inspector Andy Gould of the Met Police Falcon cybercrime unit.
"But what our investigation shows is that no matter how hard criminals try to conceal their activity, they will leave some kind of trail behind."
Allsopp, meanwhile, admitted to police that he had supplied details on the vulnerabilities in TalkTalk's website that were exploited to get to the customer records. He then acted as the fence for the stolen data, attempting to sell it off to crooks.
The pair are set to be sentenced at the Old Bailey on May 31. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks