TalkTalk fined £400k in customer data theft probe

TalkTalk is sponsoring this year's 'The X Factor' series for a tenth time
TalkTalk is sponsoring this year's 'The X Factor' series for a tenth time

TalkTalk has been fined £400,000 for below-par online security after more than 150,000 customers' personal data was stolen.

The telecoms company suspended all its advertising, including its sponsorship of ITV’s The X Factor, during the cyber attack last October. At the time it was Britain’s seventh biggest advertiser with an estimated annual adspend of more than £90m.

The Information Commissioner, Elizabeth Denham, criticised TalkTalk for having failed to implement basic cyber security measures which "allowed hackers to penetrate TalkTalk’s systems with ease". 

She added: "TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action." 

In a statement, TalkTalk said the fine was disappointing and that it had co-operated fully with the Information Commissioner Office’s investigation. 

It is the largest fine imposed by the ICO, which has the power to impose a maximum fine of £500,000.

The attack cost TalkTalk £42m, the company said in May, and 101,000 subscribers had since left.

The ICO’s report said TalkTalk was using out-of-date database software which had held details of customers inherited from the 2009 takeover of Tiscali. The hacker obtained customers’ details by attacking three vulnerable web pages.

A police investigation of the data theft is still ongoing and six people have been arrested.

Start Your Free 30-Day Free Trial

Get the very latest news and insight from Campaign with unrestricted access to, plus get exclusive discounts to Campaign events.

Become a subscriber


Don’t miss your daily fix of breaking news, latest work, advice and commentary.

register free