TalkTalk has been slapped with a record £400,000 fine by the UK’s Information Commissioner’s Office for security failings related to last year’s cyber attack.

The ICO said the operator could have prevented the attack if it had taken “basic steps” to protect customers’ information.

Almost 157,000 people had their personal details accessed by the hacker in October last year after TalkTalk’s website was breached.

In 15,656 cases, the attacker also got access to bank account details and sort codes.

The ICO said TalkTalk failed to properly scan part of a legacy customer database for possible threats.

TalkTalk “was not aware” that the software was outdated and no longer supported by the provider, it added.

The investigation found that the attacker used SQL injection to access the data, which it described as “a common technique that...is well understood, defences exist and TalkTalk ought to have known it posed a risk to its data”.

The ICO confirmed that the operator was being charged for breaching the UK Data Protection Act.

Information Commissioner Elizabeth Denham said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.

“Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.

“TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

TalkTalk, which has previously said the attack cost it 95,000 subscribers and halved its full-year profits, unveiled a new strategy designed to regain the trust of consumers earlier this week.

“TalkTalk has cooperated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers,” it said in a statement.

“During a year in which Government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset.

“This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.”

A separate criminal investigation by the Metropolitan Police remains ongoing.

Denham added: “Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue.

“Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”

From June 2018, European Communications magazine 
has merged with its sister title Mobile Europe, into 
Mobile Europe and European Communications.
