Arrests Made in TalkTalk Breach; Vodafone Admits to Similar Hack
On Sunday, a third person was arrested in connection to the recent TalkTalk hack in the United Kingdom. The unnamed 20-year-old was arrested in his home in Staffordshire. The other two teenagers were arrested earlier–one in London and one in Northern Ireland. Police believe the three coordinated the attack.
TalkTalk, a UK phone and broadband provider, announced on October 22 that the data of 4 million customers had been breached. Hackers gained access to names, addresses, credit card and bank details, birth dates, phone numbers, email addresses and other TalkTalk account information. The company admitted it had not encrypted all information, which means cyber criminals could easily read the data.
After the initial announcement, TalkTalk reported the data breach had not been as dire as originally thought. They confirm that the following data was accessed:
- Less than 21,000 bank account numbers and sort codes
- Less than 28,000 partial credit and debit card details (the middle 6 digits had been removed)
- Less than 15,000 customer birth dates
- Less than 1.2 million customer email addresses, names and phone numbers
A second British telecommunications company was also recently hacked. Vodafone UK, a worldwide telecommunications company, released a statement on October 31 that it had been the victim of unauthorized account access. The breach occurred between midnight on October 28 through October 29.
The company said the cyber criminals gained access by using email addresses and passwords acquired from an unknown source. 1,827 customers had their accounts accessed, which could have provided hackers with the customer’s name, mobile telephone number, bank sort codes and the last four digits of their bank account number.
To protect customers, Vodafone blocked the accounts on Friday evening and contacted costumers to help them change their account details. Banks have also been alerted, and the company will load customer data into the Credit Industry Fraud Avoidance Service (CFAS) database to make sure financial institutions make additional checks to protect the customer from fraud.
Both Vodafone and TalkTalk assured customers that criminals will not be able to access their bank accounts, because no credit or debit card numbers were obtained. They do warn that customers will be open to fraud, though, including phishing attempts.