TalkTalk handed record fine over basic security failings

TalkTalk has been slapped with a record £400,000 fine by the UK’s Information Commissioner’s Office for security failings related to last year’s cyber attack.

The ICO said the operator could have prevented the attack if it had taken “basic steps” to protect customers’ information.

Almost 157,000 people had their personal details accessed by the hacker in October last year after TalkTalk’s website was breached.

In 15,656 cases, the attacker also got access to bank account details and sort codes.

The ICO said TalkTalk failed to properly scan part of a legacy customer database for possible threats.

TalkTalk “was not aware” that the software was outdated and no longer supported by the provider, it added.

The investigation found that the attacker used SQL injection to access the data, which it described as “a common technique that...is well understood, defences exist and TalkTalk ought to have known it posed a risk to its data”.

The ICO confirmed that the operator was being charged for breaching the UK Data Protection Act.

Information Commissioner Elizabeth Denham said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.

“Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.

“TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

TalkTalk, which has previously said the attack cost it 95,000 subscribers and halved its full-year profits, unveiled a new strategy designed to regain the trust of consumers earlier this week.

“TalkTalk has cooperated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers,” it said in a statement.

“During a year in which Government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset.

“This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.”

A separate criminal investigation by the Metropolitan Police remains ongoing.

Denham added: “Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue.

“Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”
