TalkTalk handed record fine over cyber attack

TalkTalk has been given a record £400,000 fine for security failings over a cyber attack, according to a watchdog.

The Information Commissioner's Office (ICO) investigation found that insufficient security at the company, allowed customer data to be accessed "with ease".

It says TalkTalk could have prevented the data breach last October, if the firm had taken basic steps to protect customers' information.

"For no good reason, TalkTalk appears to have overlooked the need to ensure it had robust measures in place despite having the financial and staffing resources available," the ICO report concluded.

The cyber attack saw the personal details of 156,959 customers accessed, including their names, addresses, dates of birth, phone numbers and email addresses.

In addition, 15,656 customers had their bank account details and sort codes stolen.

Failing to keep the personal information of customers secure is a breach of the Data Protection Act.

"Today's record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue," said Information Commissioner, Elisabeth Denham.

"Companies must be diligent and vigilant. They must do this because they have a duty under law, but they must also do this because they have a duty to their customers," she added.

Following the decision, TalkTalk released a statement to say the company had cooperated fully with the ICO at all times.

"During a year in which Government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset," it said.

"This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business."

The case remains subject to an ongoing prosecution, and as such TalkTalk said it could offer no further comment at this time.