TalkTalk has emailed customers to downplay the seriousness of its most recent security breach, as police arrest a third person - this time not a teenager - in connection with the attack.
When TalkTalk announced its third security breach this year
, it did so in a flurry of confusion: it wasn't sure quite what was taken, a company spokesperson admitted, and it wasn't sure if what was taken was stored in an encrypted or hashed form. Later, company head Baroness Harding would confirm that all personal data stored by TalkTalk was not encrypted, as there was no legal requirement to do so - which proved of little comfort to the company's customers, some of whom have reported monetary losses as a result of their personal details being used fraudulently following the attack.
As the police investigated the breach, arrests followed: first, a fifteen year old from County Antrim
; next, a sixteen year old from Feltham
. Now, the police have arrested a third suspect, and the only one so far legally able to buy a pint at his local: an unnamed male from south Staffordshire, arrested this weekend on suspicion of offences under the Computer Misuse Act and bailed following a search and seizure carried out at his home premises.
As the arrest took place, Baroness Harding looked to downplay the severity of the breach. Rather than affecting all four million customers, as originally feared, the breach has now been claimed to include: up to 21,000 unique bank account numbers and sort codes; up to 28,000 credit and debit card details, stored with the middle six digits removed and therefore not directly usable for financial transactions; up to 15,000 dates of birth; and up to 1.2 million email addresses, names, and phone numbers.
The investigation into the attack continues.