Police arrested a 15-year-old boy in Northern Ireland on Monday over a cyber attack that may have led to theft of data from among the 4 million customers of British broadband provider TalkTalk.
The attack, which took place on Wednesday, prompted the company to deny accusations of having relaxed enforcement and say its security was "head and shoulders" above that of its competitors.
But, it has led to calls for greater regulation of how companies and public bodies manage personal data.
A ransom demand was received by TalkTalk on Friday. The firm has said the attack was not as serious as first feared and it did not believe those behind it would be able to steal money from its customers
"A 15-year-old boy was arrested on suspicion of Computer Misuse Act offences," said London's Metropolitan Police, whose cyber-crime unit has been investigating the attack.
"He has been taken into custody at a County Antrim police station where he will later be interviewed," it said in a statement. A spokeswoman for TalkTalk said the company had been informed of the arrest.
"We are grateful for the swift response and hard work of the police. We will continue to assist in the ongoing investigation," she said in a statement.
TalkTalk said on Sunday it had hired defence company BAE Systems to investigate the cyber attack.
Shares in the company fell a further 12% Monday, wiping around 360 million pounds off the company's market value since the news of the cyber theft broke out.
TalkTalk is likely to face tough questioning from British lawmakers about the adequacy of its defences against cyber attack.
Parliament's Culture, Media and Sport Committee have said it will conduct an inquiry on data protection. The broadband company's executives are likely to be summoned to appear.