TalkTalk, the telecom giant, has been given a record fine for security failings which led to a cyber attacker being able to access customer data “with ease”.
The Information Commissioner’s Office (ICO) carried out an investigation which determined that, if TalkTalk had put basic measures in place to protect customer information, the attack could have been prevented.
Information Commissioner, Elizabeth Denham, said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.
“Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”
The cyber attack in October 2015 took advantage of weaknesses in TalkTalk’s systems, and the hacker accessed the personal data of 156,959 customers, including names, addresses, dates of birth, phone numbers and email addresses. In addition, the cyber attacker had access to 15,656 people’s bank account details and sort codes.
A statement from TalkTalk said: “TalkTalk has co-operated fully with the ICO at all times and, while this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers.
“During a year in which the government data showed nine in 10 large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with customers from the outset. This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and our business.”