Telecoms firm TalkTalk has been issued with a record £400,000 fine by the Information Commissioner’s Office (ICO) for security failings which enabled cyber attackers to gain access to customer data “with ease”.

The investigation from the ICO found that an attack on the company last October could have been prevented if TalkTalk had taken basic steps to protect customer information. The attacker was able to access the personal data of 156,959 customers including their names, addresses, dates of birth, phone numbers and email addresses. In 10 per cent of cases, the attacker also had access to bank account details and sort codes.

TalkTalk was unaware that the installed version of the database software was outdated and no longer supported by the provider. The company said it did not know at the time that the software was affected by a bug – for which a fix was available. The bug allowed the attacker to bypass access restrictions. Had it been fixed, this would not have been possible.

Elizabeth Denham, information commissioner at the ICO, said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease. TalkTalk should and could have done more to safeguard its customer information.

“Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”

Responding to the ICO’s decision, TalkTalk said in a statement: “TalkTalk has cooperated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers.

“During a year in which Government data showed nine in 10 large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset. This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.”

Share Story: