TalkTalk handed record fine over basic security failings

TalkTalk has been slapped with a record £400,000 fine by the UK’s Information Commissioner’s Office for security failings related to last year’s cyber attack.

The ICO said the operator could have prevented the attack if it had taken “basic steps” to protect customers’ information.

Almost 157,000 people had their personal details accessed by the hacker in October last year after TalkTalk’s website was breached.

In 15,656 cases, the attacker also got access to bank account details and sort codes.

The ICO said TalkTalk failed to properly scan part of a legacy customer database for possible threats.

TalkTalk “was not aware” that the software was outdated and no longer supported by the provider, it added.

The investigation found that the attacker used SQL injection to access the data, which it described as “a common technique that...is well understood, defences exist and TalkTalk ought to have known it posed a risk to its data”.

The ICO confirmed that the operator was being charged for breaching the UK Data Protection Act.

Information Commissioner Elizabeth Denham said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.

“Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.

“TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

TalkTalk, which has previously said the attack cost it 95,000 subscribers and halved its full-year profits, earlier this week unveiled a new strategy designed to regain the trust of consumers.

“TalkTalk has cooperated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers,” it said in a statement.

“During a year in which Government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset.

“This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.”

A separate criminal investigation by the Metropolitan Police remains ongoing.

Denham added: “Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue.

“Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”
