TalkTalk hack: 18-year old boy in Wales the fifth to be arrested

The first TalkTalk arrest to be on suspicion of blackmail rather than Computer Misuse Act offences

An 18-year old boy is the fifth to be arrested in connection with the SQL injection attack of internet service provider TalkTalk.

The teenager was arrested yesterday after detectives from the Metropolitan Police Service's Cyber Crime Unit (MPCCU) and officers from Southern Wales Regional Organised Crime United executed a search warrant at an address in Llanelli, Wales.

He was arrested on suspicion of blackmail and taken into custody at a Dyfed Powys police station.

It follows the arrests of a 16-year-old boy from Norwich, a 20-year old man from Staffordshire, a 15-year-old boy in Northern Ireland and a 16-year-old boy in West London. All four have since been bailed.

This is the first of the five arrests that has not been on suspicion of Computer Misuse Act offences. It is unclear at this moment how the boy - or indeed any of the others who have been arrested - were involved in the hack.

TalkTalk shocked customers last month when it said it had been hacked and that up to four million customers' private details may have been compromised. Since then, TalkTalk has suggested that the total number of customers whose personal details were accessed is 156,656. Of those customers, 15,656 had their bank account numbers and sort codes accessed.

In addition to this banking information, a further 28,000 'obscured' credit card and debit card details were accessed, although TalkTalk claim that this information could not be used by cyber criminals, nor could customers be identified using this stolen data.

TalkTalk CEO Dido Harding has said that the estimated one-off costs for the attack for the company will be between £30m and £35m. However, it may cause longer term damage to the brand, with a survey suggesting that as many as three-quarters would steer clear of companies affected by data breaches.

TalkTalk's estimate include the cost of the response to the incident, handling the increase in calls at its call centres, the additional IT and technology costs, and lost revenue was a result of its online sales sites being down for three weeks - but not revenues foregone as potential customers choose alternative providers.