We now know the extent of the TalkTalk hack, and while it's not as bad as everyone first feared, it still poses massive questions about cybersecurity and the countermeasures being taken by British technology companies. To get a better grasp of the situation, the UK's cross-party Culture, Media and Sport Committee has launched an inquiry today into the recent attack. While TalkTalk is the focal point -- MPs will look at the "nature" of the hack and TalkTalk's response -- it'll also be considering the telecoms and internet service provider (ISP) industry as a whole. Specifically, the Committee wants to know what measures are being taken to stop these sorts of breaches, how much money businesses are investing in their defences, and whether response protocols could be improved.
Police have now arrested four individuals as part of its ongoing investigation. Yesterday evening, detectives used a search warrant at an address in Norwich, apprehending a 16-year-old boy in the process. He's suspected of Computer Misuse Act offences and has since been released on bail. Officers say he will likely be recalled in late March next year. A further three arrests have taken place over the last 10 days; a 15-year-old boy from Northern Ireland, a 16-year-old from London and a 20-year-old man from South Staffordshire. Police haven't revealed their identities or drawn any connections between them -- the short timeframe for the arrests, however, points to the involvement of an organised hacker group.
When TalkTalk confirmed the hack on October 23rd, 4 million customers were potentially at risk. A couple of days later, however, it said the stolen data was "materially lower than initially believed." The company has since released ballpark figures: "less than 1.2 million customer email addresses, names and phones numbers, and fewer than 28,000 obscured credit and debit card details. A further 21,000 bank account numbers and sort codes were taken, as well as 15,000 customer dates of birth. TalkTalk will almost certainly be required to give evidence as part of the Committee's new inquiry -- if and when it does, we may get some more concrete figures regarding just how many customers were affected.