TalkTalk on receiving end of record £400,000 ICO fine for failing to prevent October 2015 cyber attack
Telecoms company TalkTalk has been issued with a record £400,000 fine by the Information Commissioner’s Office (ICO) for security failings that allowed a cyber attacker to access customer data “with ease”. The ICO’s in-depth investigation found that an attack on the company last October could have been prevented if TalkTalk had taken basic steps to protect customers’ information.
ICO investigators found that the cyber attack between 15 and 21 October 2015 took advantage of technical weaknesses in TalkTalk’s systems. The attacker accessed the personal data of no fewer than 156,959 customers, including their names, addresses, dates of birth, phone numbers and e-mail addresses. In 15,656 cases, the attacker also had access to bank account details and sort codes.
Information Commissioner Elizabeth Denham said: “TalkTalk’s failure to implement the most basic of cyber security measures allowed hackers to penetrate the company’s systems with ease. Yes, hacking is wrong, but that’s not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”