Security & Fraud

TalkTalk Hacker, Blackmailer To Serve Four Years

The hacker responsible for the TalkTalk Telecom Group breach has been sentenced to four years in prison in the U.K.

Bloomberg reported that Daniel Kelley, 22, was sentenced after pleading guilty to 11 charges of hacking and blackmailing TalkTalk.

The attack, which happened in 2015, compromised around 20,000 accounts, with Kelley demanding TalkTalk CEO Dido Harding and other employees pay him 465 bitcoin, or about $362,000, for the customer data, with some samples of financial information taken during the hack later available for purchase on various cybercriminal forums on the dark web.

In addition, Kelley hacked into half a dozen other companies and organizations, including a Welsh college and an Australian education authority.

“Kelley is a prolific and ruthless cybercriminal, hacker and blackmailer who caused considerable damage, distress, harm and loss to victims’ worldwide,” Rob Burrows, an officer in the Metropolitan Police’s Cyber Crime Unit, said in a statement.

One year after the attack, TalkTalk confirmed that the “significant and sustained” cyberattack caused it to lose up to 101,000 customers and cost it up to £60 million (roughly $86.5 million). When the cyberattack took place, TalkTalk was reportedly being accused of disregarding security vulnerabilities and was investigating thousands of cases where its customers reported losing money as a result of the work of cybercriminals.

In TalkTalk’s statement about the breach at the time, Harding said, “TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime, impacting an increasing number of individuals and organizations. We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack.”



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.