Two friends who took part in a £77m hack on the TalkTalk website have been jailed.
Matthew Hanley, 23, and Connor Allsopp, 21, both from Tamworth in Staffordshire, admitted their roles in the massive 2015 data breach which saw 156,959 accounts accessed.
Hanley, described as a “dedicated hacker”, shared details of more than 8,000 customers with Allsopp.
At the Old Bailey, Hanley was jailed for 12 months and Allsopp for eight.
Sentencing, Judge Anuja Dhir QC said they were “individuals of extraordinary talent”.
“I’m sure that your actions caused misery and distress to the many thousands of the customers at TalkTalk,” she said.
The court accepted that neither Hanley, of Devonshire Drive, nor Allsopp, of Coronation Street, had “exposed the vulnerability in [TalkTalk’s] systems… but you at different times joined in,” Judge Dhir said.
In November 2015, a 17-year-old boy admitted posting details of a chink in the firm’s online security, sparking the breach.
Analysis by BAE Systems suggested there may have been up to 10 attackers.
Hanley also obtained computer files including names and passwords for server systems belonging to Nasa, after a Skype contact forwarded the details as “a little present”.
TalkTalk spotted issues with its site on 21 October 2015 and launched an investigation before warning customers the following day.
This led to its then-CEO Dido Harding being subjected to blackmail attempts, with hackers demanding Bitcoin in exchange for the stolen data.
Hanley admitted hacking into the website between 18 and 22 October 2015, supplying data for hacking to another man and giving Allsopp the personal and financial details of customers.
Allsopp also admitted obtaining the Nasa passwords.
Sophisticated, systematic hack
The court heard he had boasted of having this material and erased all the content off his computer before his arrest on 30 October 2015.
Allsopp admitted supplying customer details to another user for fraud as well as the necessary files for hacking.
Judge Dhir said the pair were “both involved in a significant, sophisticated systematic hack attack in a computer system used by TalkTalk”.
“The total loss to TalkTalk as a result of this overall attack is estimated to be £77 million but the loss does not end there,” she added.
TalkTalk said it would not be commenting following the sentence.
Correction 20 November 2018: This story has been updated to clarify the number of TalkTalk accounts affected by the hack.