TalkTalk’s Cyber Security Negligence Gets It Hit With £400,000 ICO Fine

TalkTalk has been fined a record £400,000 by the Information Commissioner’s Office (ICO) for failures in its security which led to a hacker gaining access to its customers’ data.

The ICO found that TalkTalk could have avoided the cyber attack had it taken a few basic security steps to protect the information it holds on its customers.

The technical weaknesses in TalkTalk’s security meant that between 15 and 21 October 2015, a hacker was able to exploit holes in the system and swipe data, such as the names, addresses, dates of birth and phone numbers of 156,959 customers.

The attacker also managed to gain access to the bank account details and sort codes of 15,656 customers, making the data leak that bit more severe.

TalkTalk found wanting

The attack on TalkTalk happened when data was accessed through the hacking of three vulnerable webpages the company inherited from Tiscali’s UK business in 2009. TalkTalk’s failure to scan this infrastructure to find security vulnerabilities is the reason behind the ICO’s hefty fine.

TalkTalk was apparently not aware that the database underlying the webpages was outdated and no longer supported by its vendor. As such, TalkTalk was not aware that a bug, for which a fix was available, was lying within the infrastructure.

“In spite of its expertise and resources, when it came to the basic principles of cyber-security, TalkTalk was found wanting,” said Information Commissioner Elizabeth Denham.

“Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”

TalkTalk’s fine comes courtesy of it being found to have breached the seventh principle of the Data Protection Act for failing to have appropriate security measures in place to protect its customers’ data.

TalkTalk sent a statement to TechWeekEurope highlighting how it had cooperated with the ICO and was respectful of, if disappointed in, the decision.

“During a year in which government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset,” said a spokesperson.

“This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business,” the company said. “As the case remains the subject of an ongoing criminal prosecution, we cannot comment further at this time.”

Data leaks are becoming prevalent in all manner of tech businesses, notably Yahoo of late, which saw a hack attack two years ago result in the leaking of 500 million of its user accounts, though ironically Yahoo seems quite happy to part with data given its involvement in creating a surveillance system for US intelligence agencies to snoop on its users’ emails.

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
