A SECOND boy has been arrested in connection with the alleged TalkTalk cyber attack, the Metropolitan Police said.
The 16-year-old, from Feltham in west London, was held on suspicion of computer misuse after a search of his home on Thursday.
The teenager has been bailed to a date yet to be confirmed.
A 15-year-old boy from County Antrim in Northern Ireland was arrested on Monday in connection with the alleged data theft. He was bailed until a date next month.
The investigation is being carried out by the Met’s cyber crime unit, the Police Service of Northern Ireland’s cyber crime centre and the National Crime Agency.
The latest breach is the third in a spate of cyber attacks affecting TalkTalk in the past eight months, with incidents in August and February resulting in customers’ data being taken.
Police confirmed officers also carried out a search at a residential property in Liverpool in connection with the cyber attack.
Inquiries by the Met’s cyber crime unit and officers from the National Crime Agency, the British equivalent of the FBI, continue.
The first boy arrested, from Northern Ireland, is known to like the Call Of Duty video game which simulates warfare, neighbours said.
He was described by local residents as a “quiet boy” who moved to the area recently with his family.
The arrests came after TalkTalk, the phone and broadband provider, was targeted in an alleged cyber attack a week ago.
The company said bank account numbers and sort codes may have been accessed.
But they stressed criminals would need more information to enable them to take money from a customer’s bank account, and said the chances of thieves succeeding with this was “very small indeed”.
Yesterday the company said that the data hacked in the TalkTalk cyber attack “is significantly less than originally suspected” with fewer than 21,000 unique bank account numbers and sort codes accessed.
TalkTalk also revealed that fewer than 1.2 million customer e-mail addresses, names and phone numbers were accessed, along with fewer than 28,000 obscured credit and debit card details, and fewer than 15,000 customer dates of birth.
“Even though the scale of the attack is significantly smaller than initially suspected, we continue to advise customers to be vigilant, and to take all precautions possible to protect themselves from scam phone calls and e-mails,” a spokesman said.