The ICO has fined TalkTalk £100,000 for failing to protect consumer data from hackers in 2014, when personal details of 21,000 customers were leaked into the public domain.
The regulator said TalkTalk had breached the Data Protection Act because it didn’t safeguard the huge amounts of data it held about its customers from staff. Employees were able to imporperly access the information, which was used by fraudsters to make scam calls to customers, using their names, addresses, phone numbers and account numbers.
The investigation revealed it was actually employees of Wipro, a third party company working with TalkTalk to resolve complaints about network coverage, that were able to access and swipe the data. The ICO found three Wipro accounts that had siphoned off the data, although 40 employees in total had access to the information.
“TalkTalk may consider themselves to be the victims here,” Information Commissioner Elizabeth Denham said. “But the real victims are the…