TalkTalk has been slapped with a record £400,000 fine by the UK’s Information Commissioner’s Office for security failings related to last year’s cyber attack.

The ICO said the operator could have prevented the attack if it had taken “basic steps” to protect customers’ information.

Almost 157,000 people had their personal details accessed by the hacker in October last year after TalkTalk’s website was breached.

In 15,656 cases, the attacker also got access to bank account details and sort codes.

The ICO said TalkTalk failed to properly scan part of a legacy customer database for possible threats.

TalkTalk “was not aware” that the software was outdated and no longer supported by the provider, it added.

The investigation found that the attacker used SQL injection to access the data, which it described as “a common technique that...is well understood, defences exist and TalkTalk ought to have known it posed a risk to its data”.

The ICO confirmed that the operator was being charged for breaching the UK Data Protection Act.

Information Commissioner Elizabeth Denham said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.

“Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.

“TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

TalkTalk, which has previously said the attack cost it 95,000 subscribers and halved its full-year profits, unveiled a new strategy designed to regain the trust of consumers earlier this week.

“TalkTalk has cooperated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers,” it said in a statement.

“During a year in which Government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset.

“This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.”

A separate criminal investigation by the Metropolitan Police remains ongoing.

Denham added: “Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue.

“Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”
