TalkTalk Offers Free Update After Attack
U.K. telecoms company TalkTalk will offer all customers a free upgrade of their services as it estimates the cost of the cyber attack could surpass $50 billion. Reuters/Stefan Wermuth

LONDON -- Police in the U.K. have arrested a second teenage boy as part of the ongoing investigation into the cyberattack on telecoms company TalkTalk, which led to four million customers' data being compromised.

The second arrest took place Thursday in the Feltham area of south-west London when the cyber crime unit of the Metropolitan Police arrested a 16-year-old boy on suspicion of Computer Misuse Act offenses. The second arrest comes just days after police arrested a 15-year-old boy in Northern Ireland for similar offenses.

As well as searching the home of the 16-year-old boy in Feltham, the police have also raided a house in Liverpool, though no arrests were made at that address. Both teenagers have now been bailed with the 15-year-old due back in court in November while a bail date for the 16-year-old has yet to be set.

TalkTalk, a phone and broadband provider in the U.K., is still reeling from what is the company's third major cyberattack in the space of 12 months. Following the attack on Oct. 22, TalkTalk CEO Dido Harding revealed that she had been contacted by those claiming responsibility for the attack, demanding an £80,000 (roughly $123,000) ransom to be paid in bitcoin, otherwise the company's customer information would be posted on the dark web.

While TalkTalk is playing down the amount of data stolen, the compromised information includes names, addresses, dates of birth and email addresses as well as some partial credit card details and banking information. TalkTalk has been criticized for failing to encrypt customer data, but Harding has defended the company's policy telling the Sunday Times: “[Our data] wasn’t encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information.”

TalkTalk shares dropped precipitously after news of the breach was made public, and while the share price has recovered somewhat, the company's stock is still trading 10 percent down on its price before the attack.