The Information Commissioner's Office (ICO) has dished out a record £400,000 fine to TalkTalk over the security shortcomings that resulted in the high-profile cyber attack that hit the company last year.
The attackers managed to access the financial data of over 15,000 TalkTalk customers and the personal information of 150,000, with the ICO stating that the hack “could have been prevented if TalkTalk had taken basic steps to protect customers’ information.”
Information commissioner Elizabeth Denham said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease. Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”
The internet service provider responded with a statement saying: “TalkTalk has co-operated fully with the ICO at all times and, while this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers.
“During a year in which the government data showed nine in 10 large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset. This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business. As the case remains the subject of an ongoing criminal prosecution, we cannot comment further at this time.”