ICO fines TalkTalk £100k for data breach

ICO fines TalkTalk £100k for data breach. The regulator said TalkTalk had breached the Data Protection Act because it didn't safeguard the huge amounts of data it held about its customers from staff. Employees were able to imporperly access the information, which was used by fraudsters to make scam calls to customers, using their names, addresses, phone numbers and account numbers. The investigation revealed it was actually employees of Wipro, a third party company working with TalkTalk to resolve complaints about network coverage, that were able to access and swipe the data. The ICO found three Wipro accounts that had siphoned off the data, although 40 employees in total had access to the information. "TalkTalk may consider themselves to be the victims here," Information Commissioner Elizabeth Denham said. "But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people. TalkTalk should have known better and they should have put their customers first." The ICO said TalkTalk's actions breached the seventh principle of the Data Protection Act because it didn't have the appropriate technical or operational safeguards in place to prevent employees from accessing the confidential information. "This incident highlights why it is essential for companies to understand exactly how users are interacting with the network and data," Nir Polak, CEO at Exabeam.
TalkTalk

The ICO has fined TalkTalk £100,000 for failing to protect consumer data from hackers in 2014, when personal details of 21,000 customers were leaked into the public domain.

The regulator said TalkTalk had breached the Data Protection Act because it didn’t safeguard the huge amounts of data it held about its customers from staff. Employees were able to imporperly access the information, which was used by fraudsters to make scam calls to customers, using their names, addresses, phone numbers and account numbers.

The investigation revealed it was actually employees of Wipro, a third party company working with TalkTalk to resolve complaints about network coverage, that were able to access and swipe the data. The ICO found three Wipro accounts that had siphoned off the data, although 40 employees in total had access to the information.

“TalkTalk may consider themselves to be the victims here,” Information Commissioner Elizabeth Denham said. “But the real victims are the…

Written By
More from Industry News

Rescue terrier hacked to death with samurai sword ‘after wandering into neighbour’s house’

Author: Jim Hardy / Source: The Sun A family was in tears today after...
Read More

Leave a Reply

Your email address will not be published. Required fields are marked *