A 17-year-old boy claimed he was ‘just showing off’ as he admitted hacking offences linked to the TalkTalk data breach.

The boy, who cannot be named, pleaded guilty to seven charges and will be sentenced next month according to reports by the BBC. Norwich Youth Court was told how the boy identified vulnerabilities with hacking tool software in order to target websites. He reportedly stole email addresses, names, phone numbers and as many as 21,000 unique bank account numbers and sort codes.

“I didn’t think of the consequences at the time. I was just showing off to my mates,” the boy told magistrates.

“It was a passion, not any more. I won’t let it happen again. I have grown up.”

According to the BBC, the boy’s solicitor said that he had only played a small part in the scam, calling his behaviour at the time of the offense as that of an immature 16-year-old.

The boy will be sentenced under the Computer Misuse Act on 13 December. His charges relate to attacks also made on other websites, including the websites of the University of Manchester and Cambridge.

Also on CBR: TalkTalk hack: What does the cyber attack reveal about accountability for breaches?

The boy is one of six people who have been arrested over the TalkTalk hack, with almost all of those arrested teenagers. It is the fact that the attacks were deployed by teenagers which should really give businesses pause for thought, as Laurance Dine, Managing Principal, Investigative Response at Verizon Enterprise Solutions, argues:

“The fact that a 17-year-old was able to breach the defences of a major organisation and steal the personal data of 160,000 customers using a piece of off-the-shelf hacking software is a little sobering to say the least. What it shows is that hackers don’t need to be particularly innovative to be successful. Indeed, the DBIR 2016 showed that many cybercriminals are still using the same old tactics they’ve been using for years, because they still work. The fallout from this incident has made clear the potential consequences of an organisation failing to secure its IT systems, so it’s vital that we learn these lessons and take care of the basics, to ensure that we aren’t giving hackers an easy ride in the future.”