TalkTalk fined £400k in customer data theft probe

TalkTalk has been fined £400,000 for below-par online security after more than 150,000 customers' personal data was stolen.

TalkTalk is sponsoring this year's 'The X Factor' series for a tenth time
TalkTalk is sponsoring this year's 'The X Factor' series for a tenth time

The telecoms company suspended all its advertising, including its sponsorship of ITV’s The X Factor, during the cyber attack last October. At the time it was Britain’s seventh biggest advertiser with an estimated annual adspend of more than £90m.

The Information Commissioner, Elizabeth Denham, criticised TalkTalk for having failed to implement basic cyber security measures which "allowed hackers to penetrate TalkTalk’s systems with ease". 

She added: "TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action." 

In a statement, TalkTalk said the fine was disappointing and that it had co-operated fully with the Information Commissioner Office’s investigation. 

It is the largest fine imposed by the ICO, which has the power to impose a maximum fine of £500,000.

The attack cost TalkTalk £42m, the company said in May, and 101,000 subscribers had since left.

The ICO’s report said TalkTalk was using out-of-date database software which had held details of customers inherited from the 2009 takeover of Tiscali. The hacker obtained customers’ details by attacking three vulnerable web pages.

A police investigation of the data theft is still ongoing and six people have been arrested.


Become a member of Campaign from just £78 a quarter

Get the very latest news and insight from Campaign with unrestricted access to , plus get exclusive discounts to Campaign events

Become a member

Looking for a new job?

Get the latest creative jobs in advertising, media, marketing and digital delivered directly to your inbox each day.

Create an alert now

Partner content

Building brand humanity


Ikea sweeps up TV creativity award