The unnamed 17-year-old behind a distributed denial of service (DDoS) attack and hack on internet service provider (ISP) TalkTalk has been given a relative slap on the wrist - having been sentenced to just a 12-month rehabilitation order, while also having his iPhone and hard-disk drive confiscated.
The teen, who was arrested in Norwich in November 2015 and charged under the Computer Misuse Act, admitted seven offences related to the TalkTalk hack. It followed an investigation by the Metropolitan Police's Cyber Crime Unit.
Norwich Youth Court was told he had used legitimate software to identify vulnerabilities on target websites. While he did not exploit the information for monetary gain, the TalkTalk website was targeted more than 14,000 times after the flaw was exposed.
This led to attacks on TalkTalk that resulted in the personal data of almost 160,000 people, and the banking details of 15,656 people, being accessed.
Speaking at the time, the teen said: "I didn't think of the consequences at the time. I was just showing off to my mates. It was a passion, not any more. I won't let it happen again. I have grown up," he added.
A raid on the teen's home last year revealed that he had been involved in attacks on other websites including Manchester University and Cambridge University.
TalkTalk was fined £400,000 for the breach, which was generously discounted by 20 per cent for early payment, in an attack that Christopher Graham, the information commissioner at the time, described as a "car crash".
TalkTalk also warned in November that it still struggles in its core broadband subscription market in the wake of the attack. The company lost 98,000 retail subscribers in the first half of the year, but gained 69,000 via less profitable wholesale deals with third parties, resulting in a net loss of 29,000 subscribers.
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons