TalkTalk fined £100,000 for customer data lapse

Published on: 14 Aug 2017

TalkTalk fined £100,000 for customer data lapse

TalkTalk has been fined £100,000 after failing to look after its customers’ data and risking it falling into the hands of scammers and fraudsters.

The telecoms company breached the Data Protection Act by giving staff access to large quantities of customer data and a lack of adequate security measures meant the data could have been exploited by rogue employees, according to findings from an investigation by the Information Commissioner’s Office (ICO), which issued the fine.

News of the breach broke in September 2014 when TalkTalk customers started receiving scam calls for technical problems that quoted customers’ addresses and TalkTalk account numbers.

The subsequent investigation found the issue lay with a TalkTalk portal through which customer information could be accessed. It emerged that three accounts at India-based multinational IT services company Wipro had been used to gain unauthorised and unlawful access to the personal data of up to 21,000 customers.

Wipro staff were able to log in from any internet-enabled device and carry out “wildcard” searches and view up to 500 customer records at a time.

Information commissioner Elizabeth Denham had no pity for TalkTalk.

She commented: “TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people.

“TalkTalk should have known better and they should have put their customers first.”

Image: edublogger/Flickr

TalkTalk fined £100,000 for customer data lapse

Latest articles

Accelerate your career with an online computer science master’s degree

Cyber security jobs news roundup: March 2024

What sort of salary can a security analyst expect?