TalkTalk has been ordered to pay a record fine of £400,000 as a result of the massive data breach that compromised the personal information of 157,000 customers last year.
In a statement, the UK’s Information Commissioner’s Office (ICO) said the telecommunications company was fined for “security failings that allowed a cyber attacker to access customer data ‘with ease.’”
“The ICO’s in-depth investigation found that an attack on the company last October could have been prevented if TalkTalk had taken basic steps to protect customers’ information,” read the statement.
The cyber attack, which took place between October 15 and October 21, 2015, led to the exposure of 156,959 customer records, including names, addresses, dates of birth, phone numbers and email addresses.
The ICO added that in 15,656 cases, the attacker also gained access to bank account details and sort codes.
“TalkTalk should and could have done more to safeguard its customer information,” said Information Commissioner Elizabeth Denham. “It did not and we have taken action.”
The fine is the largest yet imposed by the ICO, with the maximum fine for data protection breaches being £500,000.
According to a report by BBC News, TalkTalk called the hefty fine “disappointing” as it had “co-operated fully” with the investigation.
“Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue,” added Denham.
“Companies must be diligent and vigilant. They must do this because they have a duty under law, but they must also do this because they have a duty to their customers,” she said.