It doesn't look like any of these even tried opsec - which isn't surprising because such crimes committed against individuals or small companies effectively became decriminalized in the UK so opsec would just be a waste of time.

Their mistake was to think that embarrassing the establishment by breaching high-profile (Nvidia, etc), culturally-relevant companies (BT/EE) would be met with similar inaction.

Also, with regards to skill, keep in mind that the establishment has a huge interest in making the hacks sound much more advanced than they really were to minimize the embarrassment of the affected companies. It would look really bad if it was widely known that these companies were pwned with nothing more than basic phishing, bribery and social engineering, something anyone can do.