"On Thursday, 29 October, detectives from the Metropolitan Police Cyber Crime Unit (MPCCU) executed a search warrant at an address in Feltham. At the address, a 16-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has now been bailed - we await confirmation of the bail date. A search of the residential address in Feltham has been completed."The statement goes on to note that a second search occurred at a property in Liverpool. At this time, it is currently unclear how this particular search relates to law enforcement's overall investigation.
Earlier this month, Trista Harrison, Managing Director (Consumer) of TalkTalk, first announced the breach in an update posted to the company’s website:
“We are very sorry to tell you that yesterday a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyber attack on our website on Wednesday 21st October,” the update reads.
Harrison went on to explain that the names, addresses, dates of birth, and payment card details of as many as four million TalkTalk customers might have been compromised by the breach.
At this time, it is still unclear how many customers might have been affected, though TalkTalk has since released an update about the hack in which it states that the amount of financial material exposed by the incident is now believed to be "materially lower" than first believed.
A few days after TalkTalk's update, the Metropolitan Police confirmed the arrest of a 15-year-old boy in Northern Ireland who is believed to have been connected to the breach. He has been taken into custody under suspicion of having violated the Computer Misuse Act.
TalkTalk is just one of three UK companies to have experienced a security incident in the past week.On Tuesday, multinational retailer Marks & Spencer suspended its website for two hours after customers were able to see others’ account details after logging in to their own profiles. Then on Thursday, it was announced that British Gas had contacted 2,200 of its customers and urged them to change their passwords following a breach that exposed their login credentials online via PasteBin.