Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Wednesday 05 October 2016 1:45 pm

TalkTalk slapped with record fine over cyber attack

By: Lynsey Barber

Add as a preferred source on Google

TalkTalk has been slapped with a record fine of £400,000 for failing to prevent a cyber attack last year.

The Information Commissioner's office has handed out the largest ever fine to the telecoms firm which suffered one of the most high profile attacks ever experienced by a business in the UK.

The data regulator said it did not do enough to protect customer data at even a basic level. More than 150,000 customers had their details stolen;, including bank account numbers, birth dates and addresses.

Read more: TalkTalk share price rises after financial forecast boost

“TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease" said the information commissioner Elizabeth Denham.

“Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

An investigation by the ICO found hackers gained access to the database of details which it had from its acquisition of Tiscali via vulnerable web pages which it had not spotted.

TalkTalk was not aware there was a bug which could let a hacker bypass the restricted access and so did not fix it with the relevant patch.

It also avoided "two early warnings" before the hack which would have signalled the hole in its security.

"The attacker used a common technique known as SQL injection to access the data. SQL injection is well understood, defences exist and TalkTalk ought to have known it posed a risk to its data," said the ICO.

Read more: TalkTalk boss calls for firms to be made to report all cyber attacks

“In spite of its expertise and resources, when it came to the basic principles of cyber security, TalkTalk was found wanting," said Denham.

“Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Business
  • Tech

Trending Articles

  • Citroën 2CV returns as a £13,000 electric car, and the timing is no accident

  • Wimbledon: HMRC set to slap Sinner and Noskova with £1.6m tax bill

  • Rachel Reeves to unveil next steps for ring-fencing reform at Mansion House

  • Barclays and Lloyds back calls to digitalise UK markets and unlock £33bn boost

  • The former African gold miner taking on the billionaire Issa brothers

More from City PM

  • VodafoneThree enters race for TalkTalk customers with takeover bid

    Telecoms
    Vodafone CEO Margherita Della Valle discussing UK expansion strategy after £4.3bn Vodafone-Three telecoms deal at press c...
  • Virgin Media slapped with £28m fine for stopping customers cancelling deals

    Telecoms
    Vans parked at a bustling city intersection surrounded by tall buildings and pedestrians, highlighting urban transportatio...
  • M&S to face shareholder grilling over cyber attack recovery

    Retail
    Marks and Spencer was one of three UK retailers to be targeted
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

    Retail
    JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity
  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • Professional services firms the ‘flavour of the month’ for cyberattacks

    Prof Services
    The ICO said it initially planned to fine Capita a total of £45m, but this was later reduced by “mitigating factors”
  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook