You may have heard about TalkTalk this year. They’re a British television, telecommunications, Internet and mobile network service provider. They’ve just been handed a whopping £400,000 fine for what is classed as poor web security. It follows a cyber attack which occurred in October last year. This resulted in their website being hacked and the personal data of 157,000 customers disappearing. The Information Commissioner’s Office has imposed the fine and have stated that the security of the site was so poor and the attack was able to succeed with ease.
This fine is the largest yet imposed by the ICO. It was nearly the maximum that could be imposed (£500,000).
TalkTalk said the fine was “disappointing” as it had “co-operated fully” with the investigation.
The Information Commissioner, Elizabeth Denham, said…
TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.
Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.
TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.
In nearly 16,000 cases, the attacker was able to steal bank account details.
In spite of its expertise and resources, when it came to the basic principles of cyber-security, TalkTalk was found wanting.
A police investigation of the data theft is still going on, and as of today six people (all under 21) have been arrested. TalkTalk earlier revealed that the attack had cost it £42m and that 101,000 subscribers had left in the aftermath of the attack.
Have you been one of the ones effected by the attack? Have you left TalkTalk because of it? Let us know in the comments below.