TalkTalk fined £400,000 for security failings and data breach

Thursday, October 6th 2016

TalkTalk, the UK telecom service provider, has been fined a record £400,000 for the security failing that allowed a data breach during the cyber attack last October. The fine, the biggest ever issued by the Information Commissioner's Office, comes after an in-depth investigation by the ICO into the devastating cyber attack that took place between 15th and 21st October of last year, when hackers stole the personal data of nearly 157,000 customers. That included addresses and dates of birth, besides other personal details. In 15,656 cases, the hackers successfully accessed the customer's bank account details and sort codes!

The investigators point out that the hackers took advantage of a technical weakness in the system, specifically on 3 vulnerable webpages that were part of the infrastructure of Tiscali, which TalkTalk acquired in 2009. The ICO found that it was the provider's failure to scan these pages for possible threats, and to detect the presence of a bug for which a fix was available, that allowed unauthorised access to a database holding important customer information.

The cyber attack was detected on 21st October 2015, during an investigation into latency. TalkTalk received a ransom demand and took a number of its websites offline. It alerted the police and, the following day, its customers about the cyber attack.

Over the next 3 months, TalkTalk lost some 100,000 of its customers, which cost the provider an estimated £60 million. The telecom provider was criticised for not permitting customers to exit their contracts without a cancellation fee, although the company did offer customers upgrades to their packages for free.

Elizabeth Denham, Information Officer, commented that TalkTalk should have done, and could have done, more to safeguard its customer information database. As it did not, the ICO has taken action, she added. The Information Commissioner found TalkTalk 'wanting' when it came to the basic principles of cyber security, despite its expertise and resources. Elizabeth Denham remarked accusingly that the record fine is a warning to others that cyber security cannot be viewed as an IT issue, but must be viewed as a boardroom issue.
