TalkTalk has been fined a record £400,000 for security failings which led to the theft of the personal data of almost 157,000 customers.
The Information Commissioner's Office (ICO) said the attack could have been prevented if TalkTalk had taken basic steps to protect customers’ information.
Almost 157,000 customers had their details stolen, including bank account numbers, birth dates and addresses.
Elizabeth Denham, the Information Commissioner, said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.”
“Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.”
“TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action,” she added.
An investigation by the ICO found that hackers gained access, via vulnerable web pages which TalkTalk had not spotted, to the database of details the company had from its takeover of rival firm Tiscali.
TalkTalk also avoided “two warnings” prior to the hack which should have alerted the firm to the problems with its software and data storage.
“In spite of its expertise and resources, when it came to the basic principles of cyber-security, TalkTalk was found wanting,” Denham said.
“Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this not only because they have a duty under law, but because they have a duty to their customers,” she added.
Mark Skilton, a professor of practice at Warwick Business School and an expert on cyber security, said the fine was insignificant and little more than “a sting” to TalkTalk's finances.
“Even by factoring in the reported numbers of 157,000 personal details and, of those, the 16,000 who had bank details stolen, it still only equates to £2.50 per head or £25 per person who lost banking data. The fine seems to be ‘proportionate’ to the impact, but shows little regard for the possible risks and lack of due diligence of a company with four million subscribers,” Skilton said.
“TalkTalk seem to have got off lightly here even if their argument is that the millions of customers were not at risk: a strong message and fines approach needs to be in place for corporates to manage and treat cyber security as a real corporate risk and not just a customer data mismanagement issue,” he added.
TalkTalk profits more than halved following the cyber attack.
Pre-tax profits fell to £14m in the year to 31 March, from £32m a year earlier.
Earlier this year, Dido Harding, TalkTalk chief executive, admitted that last October was a challenging period for the company.
She said TalkTalk was working to regain customers’ trust.
“Throughout the cyber attack, we worked hard to put our customers first, and we know that they have appreciated our efforts and our honesty throughout.”
“Nevertheless, last October was a challenging period for TalkTalk and its customers and, in recognition of that, I have made a personal decision to donate my bonus to our charity partner,” she said.
Despite presiding over the firm in the year it was hit by the attack, Ms Harding has seen her 2015 pay almost triple.
Her total income rose to £2.8m in 2015, up from just over £1m the year before, according to the firm’s annual results.