The UK’s Information Commissioner’s Office has slapped TalkTalk with a £100,000 fine for breaching the Data Protection Act.

The fine relates to 2014, when the personal data of up to 21,000 customers was accessed unlawfully by three accounts belonging to IT services company Wipro.

At the time, TalkTalk outsourced some customer service work to the India-based company.

An investigation was launched after an unspecified number of TalkTalk subscribers complained in September 2014 that they were receiving scam calls in which their addresses and account numbers were quoted.

This revealed that 40 Wipro employees had access to data belonging to 50,000 TalkTalk customers.

The staff could access the data from any internet-enabled device, the ICO said, with no controls in place to restrict access to devices linked to Wipro.

Although the UK government body did not find direct evidence of a link between the compromised information and the complaints about scam calls, it said a lack of adequate security measures had left customer data open to exploitation by “rogue” employees.

Moreover, it said TalkTalk had failed to implement measures to stop the problem despite having had “ample opportunity over a long period of time” to do so.

It is the second time in less than a year that the ICO has fined TalkTalk.

Last October, it handed out a £400,000 fine for security failings related to a cyber attack in 2015.

Information Commissioner Elizabeth Denham said: “TalkTalk may consider themselves to be the victims here.

“But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people.

“TalkTalk should have known better and they should have put their customers first.”

[Read more: TalkTalk CFO to be replaced by Dixons Carphone exec]

In a statement, TalkTalk said: “We notified the ICO in 2014 of our suspicions that a small number of employees at one of our third party suppliers were abusing their access to non-financial customer data.

"We informed our customers at the time and launched a thorough investigation, which has led to us withdrawing all customer service operations from India.

"We continue to take our customers’ data and privacy incredibly seriously, and while there is no evidence that any of the data was passed on to third parties, we apologise to those affected by this incident.”

More News

Iliad enters content game in France, finally launches Italian mobile business Iliad enters content game in France, finally launches Italian mobile business Iliad has acquired football rights in France and launched its opco in Italy as it looks to reboot after a disappointing set of financial results. More detail
Three UK appoints new CCO, CFO Three UK appoints new CCO, CFO The departure of Three UK's Chief Commercial Officer after just 18 months in the job has triggered a shake-up of the mobile operator's top team. More detail
TalkTalk to sell enterprise customer base to Daisy as it registers full-year loss TalkTalk to sell enterprise customer base to Daisy as it registers full-year loss TalkTalk has agreed to sell 80,000 business customers to rival Daisy Group in a £175 million deal. More detail
A1 Telekom Austria Group rebrand reaches Bulgaria A1 Telekom Austria Group rebrand reaches Bulgaria Bulgaria is the third A1 Telekom Austria Group opco to get rebranded as the telco looks to market itself as a provider of "advanced" IT, IoT, cloud and content services. More detail
Orange Business Services puts IoT to use on saving ships’ fuel costs Orange Business Services puts IoT to use on saving ships’ fuel costs Orange Business Services has expanded its work with Dobroflot by developing a customised IoT solution for the Russian fishing company. More detail
    

 

European Communications is now
Mobile Europe and European Communications

  

From June 2018, European Communications magazine 
has merged with its sister title Mobile Europe, into 
Mobile Europe and European Communications.

No more new content is being published on this site - 

for the latest news and features, please go to:
www.mobileeurope.co.uk 

 

@eurocomms