The hacker responsible for the TalkTalk Telecom Group breach has been sentenced to four years in prison in the U.K.
Bloomberg reported that Daniel Kelley, 22, was sentenced after pleading guilty to 11 charges of hacking and blackmailing TalkTalk.
The attack, which happened in 2015, compromised around 20,000 accounts, with Kelley demanding TalkTalk CEO Dido Harding and other employees pay him 465 bitcoin, or about $362,000, for the customer data, with some samples of financial information taken during the hack later available for purchase on various cybercriminal forums on the dark web.
In addition, Kelley hacked into half a dozen other companies and organizations, including a Welsh college and an Australian education authority.
“Kelley is a prolific and ruthless cybercriminal, hacker and blackmailer who caused considerable damage, distress, harm and loss to victims’ worldwide,” Rob Burrows, an officer in the Metropolitan Police’s Cyber Crime Unit, said in a statement.
One year after the attack, TalkTalk confirmed that the “significant and sustained” cyberattack caused it to lose up to 101,000 customers and cost it up to £60 million (roughly $86.5 million). When the cyberattack took place, TalkTalk was reportedly being accused of disregarding security vulnerabilities and was investigating thousands of cases where its customers reported losing money as a result of the work of cybercriminals.
In TalkTalk’s statement about the breach at the time, Harding said, “TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cybercrime, impacting an increasing number of individuals and organizations. We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here. As a precaution, we are contacting all our customers straight away with information, support and advice around yesterday’s attack.”