TalkTalk receives record fine for security failings that resulted in 2015 cyberattack

TalkTalk has received a record £400,000 fine for cybersecurity shortcomings that contributed to 2015’s cyberattack.

According to an ICO investigation, this attack could have been prevented if TalkTalk had taken basic security measures to protect customer data.

Elizabeth Denham, information commissioner at the ICO, said: “TalkTalk’s failure to implement the most basic cybersecurity measures allowed hackers to penetrate TalkTalk’s systems with ease.

“TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

Between 5 and 21 October 2015, personal information belonging to 156,959 of its customers was accessed. Over 15,000 customers’ personal bank details were also accessed.

As stated in the ICO’s report, TalkTalk’s failings went against the seventh data protection principle of the Data Protection Act, which states:

“Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”.

The cyberattack was carried out using SQL injection. According to the ICO investigation, TalkTalk should have known that this type of attack posed a risk to its data.

Denham concluded: “Today’s record fine acts as a warning to others that cybersecurity is not an IT issue, it is a boardroom issue.

“Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers.”

by Narinder Purba, ESET We Live Security

