Third person arrested over TalkTalk cyberattack

A third person has now been arrested in connection with the high-profile cyberattack that affected TalkTalk customers last week.

A 20-year-old male from Staffordshire has become the latest individual to be arrested by the Metropolitan Police, following the arrests last month of a 16-year-old from Feltham and a 15-year-old boy from County Antrim, Northern Ireland.

Read more: TalkTalk facing huge compensation bill, customers hit by cyber-attack could get £1,000

The authorities are taking the case extremely seriously, with up to four million customers possibly affected by the security breach. Although only partial credit card numbers were stored on the TalkTalk website, affected customers could now find themselves the victims of fraud or increased phishing attempts. Both the Metropolitan Police Cyber Crime Unit (MPCCU) and the National Crime Agency (NCA) are working together to apprehend those responsible. All three individuals arrested so far have been released on bail, pending further inquiries.

Since the attack took place last month, it has been revealed that the TalkTalk site was subjected to a distributed denial-of-service (DDoS) and SQL-injection attack. It is believed that the DDoS attack acted as a distraction while attackers stole sensitive information. The telecoms firm are undertaking a detailed investigation into how the breach took place, which could ultimately lead to a huge compensation claim and untold reputational damage.

Aside from the TalkTalk incident, Vodafone also revealed that a number of its customer accounts were also infiltrated last month. Although in this case the breach occurred at an unknown external source, confidence in the telecoms industry is likely to have been significantly dented by these events.

Read more: London teenager arrested over TalkTalk cyber attack

For businesses like TalkTalk that contain personal information, security protocols must be regularly tested and updated to deal with the threat of cyberattacks. The methods employed by attackers are changing constantly and it is up to organisations to ensure that their customers are protected.