TalkTalk has been fined 400,000 pounds over the theft of customer details
Published: 6th October 2016 | Source: ICO |
TalkTalk has been fined £400,000 over the theft of customer details
This hack, which took place between October 15th and 21st, took advantage of a technical weakness in TalkTalk's systems, allowing the personal data of 156,959 customers which included names, addresses, dates of birth, phone numbers and email addresses. In 15,656 cases the hackers were also able to access bank account details and sort codes.
ICO found that TalkTalk has failed to properly scan their infrastructure for potential threats, allowing inherited "vulnerable" webpages from Tiscali, a company TalkTalk acquired in 2009, to be used to enable access to customer information. Below is a comment from Information Commissioner Elizabeth Denham.
TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.
Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.
This is the largest fine that ICO has ever imposed, getting close to the commission's maximum fine of £500,000. TalkTalk has revealed that the attack has already cost the company £42 Million and has cost the company 101,000 subscribers.