£400k fine for TalkTalk over hacking (but boss still gets paid £2.8m)
TALKTALK has been fined £400,000 for security failures that let a hacker access customer accounts.
The attacker obtained the names, addresses, dates of birth, phone numbers and email addresses of 156,959 people.
He also had access to the banking details of 15,656.
Dido Harding, who is paid £2.8million as chief executive of the telecoms, broadband and TV firm, suggested it had been targeted by sophisticated criminals.
However the Information Commissioners Office, which imposed the fine, said TalkTalk was guilty of blatant security failures.
It found that the company could have prevented the attack last October had it ‘taken basic steps to protect customers’ information’.
Nick McAleenan, a data privacy expert at JMW Solicitors, said
‘Taken basic steps’
customers may now sue TalkTalk for compensation.
He is acting on behalf of 5,500 past and present employees of the retailer Morrisons who had their personal information stolen and posted online in 2014.
‘Now that the ICO has ruled on the extent of TalkTalk’s shortcomings, customers may feel entitled to regard that as something of a green light for their attempts to claim compensation,’ he said.
‘Sadly, these sorts of information security failings are all too common and they can have extremely serious consequences for those involved.’
It is feared that lists of TalkTalk customers are now being traded by criminal gangs with the result that they are likely to be targeted by fraudsters for years.
Information commissioner Elizabeth Denham said TalkTalk had failed to properly scan its website for possible threats and missed two clear warnings.
A TalkTalk spokesman said: ‘We have cooperated fully with the ICO at all times.’
Police investigating the attack have made a number of arrests.