News

TalkTalk hacker hit Withybush Hospital and others, costing tax payer £400,000

Published

7 years ago

June 12, 2019

A ‘CYNICAL and ruthless’ hacker, motivated by spite and greed, targeted the computer systems at Withybush Hospital, The Herald can confirm.

Daniel Kelley, now aged 21, hacked into networks at Withybush and Prince Philip Hospital, Llanelli. When he did so, he prevented radiographers from viewing vital diagnostic images used to plan treatment for patients. The hacker also disrupted communications between different Health Board sites.

The Court heard that Kelley’s actions caused ‘a serious clinical risk of a catastrophic outcome’.

The hack cost the Welsh Government, which runs big public networks, £400,000 to repair its systems, improve its security systems, and prevent further hacks.

Kelley’s efforts in disrupting vital public services began when he implemented a Distributed Denial of Service attacks at Coleg Sir Gar, where he was a student.

Prosecutors alleged that Kelley’s motivation on that occasion was spite at being denied a place on a Level 3 computing course due to poor performance in his GCSEs.

A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or another network resource, and cause a denial of service for users of the targeted resource.

In Kelley’s case, he deliberately targeted the College’s computer infrastructure, causing disruption to systems accessed by students and teachers, including examinations.

Having accessed the College network, Kelley was able to exploit its connection to wider Welsh public service computer infrastructure and caused targeted disruption to other bodies which shared the network’s resources.

There is no sign that Kelley committed these acts for anything other than his amusement and the feeling of power it gave him.

While Kelley’s activities had widespread adverse consequences, his next step presented a major escalation.

He hijacked the computer systems of companies in Australia and Canada. The targets included Zippo Lighters, Rogers Communications, RC Hobbies, ISP JISC, TAFE Queensland, and a court transcription service called For the Record in Australia.

He attempted to blackmail company executives by targeting their loved ones and making threats to collapse companies by wrecking their computer systems.

Kelley was arrested in July 2015 but his most audacious blackmail attempt was yet to come.

In October that year, together with a group of other hackers, Kelley took part in “significant and sustained cyber-attack” on TalkTalk.

The group broke into broadband provider TalkTalk’s customer database and stole a copy of its contents.

The stolen records included customer names and addresses, dates of birth, payment card details, phone numbers, and email addresses.

Around 157,000 customers in the UK were caught up in the hack, which was said to have cost TalkTalk £77m to clean up and cost it immeasurably more in lost customer confidence and income.

Kelley then attempted to extort £80,000 in exchange for not leaking the swiped customer database onto the web.

Peter Ratliff, prosecuting, described Kelley as a “prolific, skilled and cynical cyber-criminal” who was willing to “bully, intimidate, and then ruin his chosen victims from a perceived position of anonymity and safety – behind the screen of a computer.

“Where confidential and sensitive information had been stolen in the hack – typically the personal and credit card details of the company’s clients – the defendant would threaten the company with the public release of the material, knowing and exploiting the fact that the release would risk the ruin of the company concerned.

“It is clear from the content of the emails that the defendant sent that he derived enjoyment and excitement from the power he wielded over those he sought to intimidate.”

Sentencing Kelley, Judge Mark Dennis said Kelley hacked computers “for his own personal gratification” regardless of the damage caused.

His attempts at blackmail revealed a “cruel and calculating side to his character”, Judge Dennis said.

Kelley was sentenced to youth detention due to his age at the time of his arrest.

A spokesperson for Hywel Dda University Health Board said “the NHS is increasingly reliant on the use of digital systems to support patient care we hope that this sentence will act as a deterrent to others from attempting to hack public sector organisations in Wales in the future.

“At the time, this hack caused a number issue in Hywel Dda including:-

Radiologists were unable to effectively report on diagnostic images because the reporting / dictation system we use were unresponsive during the Denial of Service attacks at Prince Philip Hospital. This seriously interrupted clinical workflow and wasted a great deal of Radiologist time. This could have adversely affected the care of patents including those critically ill/injured as without prompt, reliable access to images there is a serious clinical risk.
Our Patient Administration System at Prince Philip Hospital had response time issues causing difficulties on the Wards, A&E and Maternity departments as well as administrative areas like Medical Records.
Experienced delays with ICT services at other Health sites in the Llanelli area including Ammanford and Cross Hands Health Centres.

“Following this incident Welsh Government bolstered the Public Sector network (which all public bodies in Wales use) with hardware and software to detect and stop denial of service attacks in the future and mitigate the risks as far as possible.”

News

Welsh Government outlines new rights for homeowners facing estate management charges

Published

1 minute ago

December 18, 2025

Tom Sinclair

HOMEOWNERS living on privately managed estates in Wales are set to gain new legal protections under changes being introduced as part of the Leasehold and Freehold Reform Act 2024, the Welsh Government has said.

In a written statement published on Thursday (Dec 18), the Cabinet Secretary for Housing and Local Government, Jayne Bryant MS, provided an update on how the legislation will be implemented in Wales, with a particular focus on estate management charges paid by freehold homeowners.

Until now, homeowners on privately managed estates have often faced unclear or high bills for maintenance and services, with limited ability to obtain information or challenge costs. Once fully implemented, Part 5 of the Act is intended to address those concerns.

New powers for homeowners

Under the reforms, homeowners will be given the right to challenge the reasonableness of estate management charges for the first time. Estate managers will also be required to provide clearer information about the services being paid for through those charges.

In cases where estate management has failed, homeowners will be able to apply to a tribunal for a substitute manager to be appointed. The Act will also require estate managers to publish details of any administration charges in advance, where payment is expected.

Jayne Bryant said the changes would bring “significant new rights and protections” for homeowners affected by estate management fees.

Welsh and UK consultations

Responsibility for introducing the necessary secondary legislation is shared between the Welsh and UK Governments. While many of the powers rest with UK Ministers, Welsh Ministers are responsible for rules relating to the publication of administration charges in Wales.

The Welsh Government has confirmed it is working alongside UK counterparts to ensure both consultations are launched at the same time, allowing homeowners and stakeholders to consider the full set of proposals together.

Homeowners are being encouraged to respond to both the Welsh Government consultation on administration charges and the UK Government consultation on the wider estate management regime.

The consultations are now open and form part of the process to bring the new protections into force.

News

Flood warnings issued across Wales as heavy rain raises river levels

Published

24 minutes ago

December 18, 2025

Tom Sinclair

FLOOD warnings and alerts have been issued across large parts of Wales as persistent heavy rain causes river levels to rise, with parts of the country facing an increased risk of flooding on Thursday (Dec 18).

Natural Resources Wales (NRW) has confirmed that four flood warnings are currently in place, meaning immediate action is required, while a further 16 flood alerts have been issued where flooding is possible.

A yellow weather warning for rain has been issued by the Met Office, covering much of Wales from 10:00am on Thursday until 7:00pm, with disruption expected in some areas.

NRW said the warnings follow prolonged wet weather, with further heavy rainfall forecast to move across the country during the day.

The Met Office said: “An area of heavy rain will move northeast across the warning area during Thursday morning and afternoon before clearing to the east through the evening.

“Given recent very wet weather, there is potential for some disruption to travel and possible flooding.

“Much of the warning area will see 15–25mm of rain but some places could see 40–50mm, with the highest totals falling over high ground of south Wales.”

Forecasters have also warned that strong winds could worsen conditions, particularly along the coast.

“There is a chance of 60–70mph gusts along the exposed south coast, and perhaps 40–50mph some way inland,” the Met Office added.

Flood warnings in force

NRW has confirmed flood warnings are currently active at the following locations:

River Towy at Carmarthen Quay, Carmarthen
River Ritec at Tenby
River Towy affecting isolated properties between Llandeilo and Abergwili
River Rhyd Hir at Riverside Terrace, Pwllheli

Residents in these areas are being urged to take immediate action to protect property and personal safety.

Flood alerts issued

In addition, flood alerts — meaning flooding is possible — have been issued for the Lower Severn catchment in Powys, along with other areas shown on NRW’s live flood monitoring maps.

NRW is advising people to remain vigilant, avoid flooded roads and footpaths, and keep up to date with the latest forecasts and warnings.

The Herald understands that river levels will continue to be closely monitored throughout the day as rainfall moves through Wales.

Members of the public can check the latest flood warnings and alerts on the Natural Resources Wales website or by signing up for flood alerts direct to their phone.

Flood alerts and warnings across Wales on Thursday (Pic: NRW).

Crime

Jury discharged after failing to reach verdict in historic abuse trial

Published

1 hour ago

December 18, 2025

Rieve Nesbitt-Marr

CPS have a week do decide if they wish to pursue a re-trial, judge confirms

THE JURY has been discharged in the trial of a Milford Haven man accused of historic child sex offences after telling the court it was unable to reach a verdict, even by majority.

Thomas Kirk, aged 50, of Meyler Crescent, Milford Haven, is charged with the oral rape and sexual assault of a child, with the offences alleged to have taken place in Pembrokeshire between 2007 and 2009, when the complainant was aged between thirteen and fifteen. He denies the charges.

On Thursday (Dec 18), the jury returned to Swansea Crown Court and was asked whether it had reached a verdict on either count upon which at least ten jurors were agreed.

The foreman replied: “No.”

Judge Paul Thomas KC then asked whether there was any realistic likelihood that further deliberations would lead to a verdict being reached.

The foreman replied: “No, your honour.”

Judge Thomas KC said that in those circumstances he would discharge the jury and give the prosecution seven days to decide whether it would seek a retrial.

Addressing the jurors, the judge said they should not think they had failed or let anyone down.

“These things happen,” he said. “It’s one of the strengths of the jury system that people hold different views.”

He thanked the jury for their service and wished them a Merry Christmas and Happy New Year.

The court heard that the prosecution will now consider its position, with a further hearing expected next week to determine whether a retrial will take place.