• Home
    •
  • About
    •
  • Sign up
    •
  • Contact
    •
  • Events
    •
  • Video
    •
  • Roundtables
    •
  • Digital Editions
    •
  • Whitepapers
    •
  • Focus Features
    •
  • Jobs
    •
  • Software Reports
    •
  • Supplier Directories
    •
  • Commercial Insurance Awards
    •
  • Business Continuity Awards
    •
  • Risk Management Awards
    •
Subscribe To Our E-Newsletter
Follow Us On Twitter
Privacy And Cookies
Established 1996
Wednesday 17 October 2018

BREAKING NEWS
  • CBI: Budget must tackle Brexit uncertainty
  • Underwriters express concerns over unmanned vehicle adoption
  • Regulators taking tougher stance on ESG disclosure
  • Loss exposures reflect rising geopolitical tensions
  • FCA fines Tesco Bank £16.4m for 2016 cyber attack

TalkTalk fine “nothing compared to upcoming GDPR”

Written by staff reporter
2016-10-06

Telecoms company TalkTalk has been issued with a record £400,000 fine by the ICO for security failings that allowed a cyber attacker to access customer data “with ease”. Investigators found that the cyber attack of October 2015 took advantage of technical weaknesses in TalkTalk’s systems. The attacker accessed the personal data of 156,959 customers including their names, addresses, dates of birth, phone numbers and email addresses. In 15,656 cases, the attacker also had access to bank account details and sort codes.

Information Commissioner Elizabeth Denham said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.

“Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

Some industry commentators say the fine is still relatively small, and is nothing compared to what can be expected under the forthcoming General Data Protection Regulation (GDPR).

"The fine against TalkTalk is the biggest to date as a result of the company not implementing basic levels of protection. It is clear that security has not always been prioritised in the way it is now,” said Mishcon de Reya's Cyber Security Lead Joe Hancock.

"However £400,000 is still a relatively small fine compared to the potential fines that will be levied under the General Data Protection Regulation – the greater of up to 4% of global turnover or €20 million. For TalkTalk this could have been over £70 million.

"We expect to see further examples made of companies who fail to take cyber security as seriously as they would other risks. Implementing basic cyber security protections will go a long way to protecting customers data and company reputations.”

The question now remains whether the responsibility for the fine is with TalkTalk itself, or should be shared between their service providers and suppliers. According to Hancock, these issues are likely to become more pressing as the size of fines increases under GDPR.


Related Articles

Power transmission and distribution risk
Your browser does not support HTML5 video.
Description
Mark Evans talks to Barry Menzies, head of MIDEL ester-based dielectric fluids, at specialist manufacturer M&I Materials, to discover how ester fluids can help reduce the risks associated with transformer applications.
Most read stories...



Download the latest
digital edition of
CIR Magazine


AdvertisementAdvertisement

This website is a part of Perspective Publishing Limited, registered in England no 2876166. By using this website you agree to our COOKIE POLICY and PRIVACY POLICY.