Fined last year over hack
TalkTalk has been fined £100,000 for failing to protect the data of 21,000 of its customers, and putting it at risk by allowing contractors to access it.
An Information Commissioner’s Office (ICO) investigation found that employees from Indian tech firm Wipro, which TalkTalk hired to resolve complaints and network problems, had gained “unauthorised and unlawful access” to customer data in late 2014.
Information commissioner Elizabeth Denham said: “TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people. TalkTalk should have known better and it should have put its customers first.”
The investigation was launched after TalkTalk received complaints from customers who said they were receiving ‘scam’ phone calls from people identifying themselves as TalkTalk engineers.
However, the ICO said it did not find direct evidence of a link between the compromised information and complaints about the scam calls.
Jason Hart, CTO, Data Protection at Gemalto and former ethical hacker, said it is important to punish businesses that fail to protect their customers’ data.
He said: “This fine should serve as a warning to all other companies that they need to ensure they are protecting their customers’ data.
“GDPR is just around the corner, so this is likely to be just the start of things and we’ll soon start to see what the real picture of cybersecurity is like throughout Europe.
“If businesses are not protecting data at its source they will no longer be able to hide any breaches that occur and ultimately deserve to be fined.”