LONDON (Reuters) - A 17-year-old who admitted illegally hacking communications company TalkTalk last year was sentenced to a 12-month rehabilitation order on Tuesday.
The October 2015 attack affected around four percent of the company’s 4 million customers and cost it around 60 million pounds ($75 million).
TalkTalk was subsequently fined 400,000 pounds for insufficient security that allowed customer data to be accessed.
“This case involved the deliberate exposure of a security issue on the TalkTalk website which is used by thousands of people every day,” said Laura Tams of the Crown Prosecution Service (CPS) on Tuesday.
“Through analysis of online chats and other digital footprints, prosecutors were able to demonstrate exactly how the defendant found this weakness and shared the details online,” she added in a statement.
Britain’s data protection regulator, The Information Commissioner’s Office (ICO), said at the time TalkTalk could have prevented the attack if it had taken basic steps to protect customers’ information, and described how the hackers accessed data “with ease”.
Last month the youth, who cannot be named, admitted seven charges including gathering personal information from customers and posting confidential company information online. The weaknesses this revealed in TalkTalk’s cyber security led to further breaches by unrelated hackers.
The charges he admitted at Norwich Crown Court also included the hacking of websites of Britain’s University of Cambridge and University of Manchester.
Reporting by Camilla Hodgson; editing by Stephen Addison