Scotland Yard announced Friday that they’d arrested a 16-year-old boy in west London over the hacks. On Monday, Police reported that they’d arrested a 15-year-old boy in Northern Ireland over the breach. It’s unclear how many individuals are involved in the hack, though the Metropolitan Police Cyber Crime Unit is still investigating.
The attack, which happened on Oct. 24, was noteworthy both for TalkTalk’s slow response as well as its potential scale. It took a day for the company to begin notifying their customers that their personal data—contact information, addresses, and phone numbers—may have been breached and several more to confirm that the hackers hadn’t actually accessed full credit card information. Still, they were able to see user contact information, and many TalkTalk customers reported scam calls.
In a statement provided to the Daily Dot Friday morning, a TalkTalk representative said that fewer than “21,000 unique bank account numbers” and fewer than “1.2 million customer email addresses, names and phone numbers” had been breached.
Both boys were arrested on suspicion of violating the Computer Misuse Act. As a rule, hacking crimes are punished far less severely in the U.K. than the U.S. Both teenagers have since made bail.
Illustration by Jason Reed