TalkTalk Issued Record Fine of £400k



TalkTalk have been issued with a record fine of £400,000 by the ICO (Information Commissioner’s Office) following their large-scale data breach back in October 2015, due to their widely publicised security failings.

The in-depth investigation carried out by the ICO found that the attack on the phone and broadband provider could have been prevented if TalkTalk had taken some basic steps to protect their customers’ data. The report stated the firm allowed the cyber attacker to access customer data “with ease”.

The ICO’s investigators confirmed that the attack took advantage of several technical weaknesses in TalkTalk’s systems, allowing attackers to access the personal data of over 155,000 customers. The information stolen included names, addresses, dates of birth, phone numbers and email addresses. In over 15,000 cases, the assailant was also able to access bank account details and sort codes of victims.

The ICO said TalkTalk failed to properly scan their infrastructure for potential threats, so were unaware that the vulnerable pages existed, or that they enabled access to a database that held customer information. They were also unaware that the installed version of their database software was outdated, and so was no longer supported by the provider.

Information Commissioner Elizabeth Denham commented on the latest update:

“TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease. Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

On top of this, the Metropolitan Police has also been running a separate criminal investigation, which is still ongoing.

A spokesperson for TalkTalk did not indicate whether they will appeal the fine:

“TalkTalk has cooperated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of customers.

During a year in which government data showed 9 in 10 large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset. This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.

As the case remains the subject of an ongoing criminal prosecution, we cannot comment further at this time.”
