The telecoms company suspended all its advertising, including its sponsorship of ITV’s The X Factor, during the cyber attack last October. At the time it was Britain’s seventh biggest advertiser with an estimated annual adspend of more than £90m.
The Information Commissioner, Elizabeth Denham, criticised TalkTalk for having failed to implement basic cyber security measures which "allowed hackers to penetrate TalkTalk’s systems with ease".
She added: "TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action."
In a statement, TalkTalk said the fine was disappointing and that it had co-operated fully with the Information Commissioner Office’s investigation.
It is the largest fine imposed by the ICO, which has the power to impose a maximum fine of £500,000.
The attack cost TalkTalk £42m, the company said in May, and 101,000 subscribers had since left.
The ICO’s report said TalkTalk was using out-of-date database software which had held details of customers inherited from the 2009 takeover of Tiscali. The hacker obtained customers’ details by attacking three vulnerable web pages.
A police investigation of the data theft is still ongoing and six people have been arrested.