Police arrested a 15-year-old boy in Northern Ireland on Monday over a cyber attack that may have led to the theft of data from among the 4 million customers of British broadband provider TalkTalk (TALK.L).
The attack, which took place on Wednesday, prompted the company to deny accusations of laxity and say its security was "head and shoulders" above that of its competitors. But it has led to calls for greater regulation of how companies and public bodies manage personal data.
A ransom demand was received by TalkTalk on Friday. Since then, the firm has said the attack was not as serious as first feared and it did not believe those behind it would be able to steal money from its customers.
"A 15-year-old boy was arrested on suspicion of Computer Misuse Act offences," London's Metropolitan Police, whose cyber-crime unit has been investigating the attack, said.
"He has been taken into custody at a County Antrim police station where he will later be interviewed," it said in a statement, adding police officers were searching an address in Northern Ireland in connection with the arrest.
A spokeswoman for TalkTalk said the company had been informed of the arrest.
"We are grateful for the swift response and hard work of the police. We will continue to assist in the ongoing investigation," she said in a statement.
TalkTalk said on Sunday it had hired defence company BAE Systems (BAES.L) to investigate the cyber attack.
Shares in the company fell a further 12 percent Monday, wiping around 360 million pounds off the company's market value since the news broke after the market closed on Thursday.
As well as anger from its customers, TalkTalk is likely to face tough questioning from British lawmakers about the adequacy of its defences against cyber attack.
Parliament's Culture, Media and Sport Committee has said it will conduct an inquiry on data protection, which will likely see TalkTalk executives summoned to appear.