TalkTalk has been handed a £100,000 fine by the UK’s data watchdog after failing to protect its customers’ data.
According to a statement, the fine was issued by the Information Commissioner’s Office after TalkTak “failed to look after customers’ data and risked it falling into the hands of scammers and fraudsters”.
News of the breach first surfaced in September 2014, when the telecommunications provider began to receive complaints from customers who said they were receiving calls from scammers posing as technical support technicians.
An investigation by the ICO found that TalkTalk breached the Data Protection Act because “it allowed staff to have access to large quantities of customers’ data”.
“Its lack of adequate security measures left the data open to exploitation by rogue employees,” the statement adds.
The ICO’s investigation looked into how the customer’s details – including names, addresses, phone and account numbers – were compromised and found the issue lay with a TalkTalk portal through which the information could be accessed.
Your Week in Tech: The Spring Statement, Theranos founder charged with fraud and more
Multinational IT services company Wipro, the investigation found, was one of the companies that had access to said portal as it was tasked with solving high-level complaints and addressing network coverage issues on TalkTalk’s behalf.
The investigation by TalkTalk showed that three Wipro accounts had been used to gain unauthorised and unlawful access to the personal data of up to 21,000 customers.
Information commissioner Elizabeth Denham said: “TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people.
“TalkTalk should have known better and they should have put their customers first.”