
TalkTalk fined £400,000 for last year’s data breach

TalkTalk has been fined a record £400,000 by the Information Commissioner’s Office (ICO) for its poor data security, which led to the theft of personal data belonging to 157,000 customers in October 2015.

The ICO said that “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate systems with ease.”

Nigel Hawthorn, chief European spokesperson at Skyhigh Networks, said: “I am pleased the ICO is taking this particular loss very seriously and believe that the amount is appropriate in the circumstances. Some people may think £400,000 is high, but let’s remember it is only £2.50 per impacted customer.”

The ICO can currently fine firms up to £500,000 for serious data breaches, but the incoming GDPR legislation will make that maximum amount much higher.

Hawthorn said: “The real loss to TalkTalk is far greater. It had a stock price drop of 11 percent, claimed to have lost 101,000 customers and had a revenue reduction of £80 million in the quarter after the attacks. In addition, the name TalkTalk will forever be linked to this and its other data loss incidents.”

Mark O’Halloran, tech expert and partner at law firm Coffin Mew, said of the fine: “The maximum penalty the ICO can impose is £500,000, so this fine is huge. But it will be dwarfed by the fines the ICO can impose from May 2018 under the GDPR, which are up to 4 percent of global turnover for the worst data breaches.”

O’Halloran said: “What companies need to do is contact cyber security specialists to have their IT systems and procedures tested for vulnerabilities. Auditing the security of IT systems will also be a legal requirement from 2018, as well as appointing a data protection officer who will be obliged to report any data breaches to the ICO.

“What counts as sufficient protection depends to a great extent on what security solutions are available on the market. If most companies are protecting their data with the latest state-of-the-art software and best practice procedures, any company behind the curve is at risk of serious fines and, of course, loss of reputation and business.”

@AntonySavvas

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.
