A teenage computer geek yesterday admitted being the mastermind behind the catastrophic TalkTalk data hack.

Daniel Kelley, 19, led a group of cyber criminals who brought the mobile network to its knees by looting sensitive customer data last year.

The baby-faced hacker, who was already on bail for similar offences, obtained email addresses, names and phone numbers, as well as 21,000 unique bank account details.

Co-ordinating the attack from his bedroom at his family home in Wales, he then demanded more than £285,000 from its chief executive.

Advertisement

The ransom sparked an urgent Scotland Yard investigation and an outcry over the company's lax security.

Experts estimated TalkTalk lost £42 million as customers fled and the company was ultimately fined a record £400,000 for its "car crash" security failings.

The case left companies across Europe scrabbling to upgrade their websites over fears that they too could be humiliated.

TalkTalk was the victim of a "significant and sustained" hacking attack in which the personal data of 160,000 people was accessed on October 21 last year.

Kelley was identified after personally sending blackmail emails using one of his online personas to chief executive Dido Harding.

He told her to hand over 465 bitcoins, a supposedly untraceable online currency, which currently trade at just under £615 each.

Investigators discovered he also hacked a series of other websites, including universities in Cambridge, Manchester, Sheffield and Bournemouth, and Zippo Lighters.

Police also found Kelley had blackmailed a senior executive of JJ Fox cigar merchants based in London, as well as other victims in the UK and Australia.

Advertisement

They found the hackers used software easily available online to identify and exploit a weakness in the TalkTalk website.

Experts estimated TalkTalk lost £42 million as customers fled. Photo / Getty
Experts estimated TalkTalk lost £42 million as customers fled. Photo / Getty

The hackers then boasted of their actions online and revealed their methods, leading to the company being targeted a further 14,000 times by copycats.

All the offences, which took place during a spree from October 2014 to November 2015, were undertaken from his bedroom at his modest £140,000 Llanelli family home.

Yesterday, Kelley was told he faces jail by an Old Bailey judge after admitting 11 blackmail, computer misuse and money laundering offences.

Granting him bail, Judge Paul Worsley said: "I warn you that custody is inevitable and you should prepare yourself for such."

In a separate case, a 17-year-old accomplice from Norwich also admitted hacking the telecoms giant and posting details of how he did it online.

The youth, who cannot be named for legal reasons, was given a 12 month rehabilitation order at Norwich Youth Court.

He was also ordered to pay £85 costs and a £15 victim surcharge, which he agreed to cover with his pocket money.

He said: "I didn't think of the consequences at the time. I was just showing off to my mates. It was a passion, not any more. I won't let it happen again. I have grown up."

Magistrate Jean Bonnick told him: "Your IT skills will always be there. Just use them legally in future."

Detective Chief Inspector Jason Tunn, of the Metropolitan Police, labelled Kelley a "prolific and calculating cyber-criminal" who caused considerable damage: "The fact that Kelley was taking part in the cyber-attack against TalkTalk whilst on police bail for other similar offences shows his total disregard for the law."

Two other men - Matthew Hanley, 21, and Conner Douglas Allsopp, 19 - face trial next July accused of participating in the hack. Two further suspects remain on bail.