WOEFUL UK INTERNET SERVICES PROVIDER TalkTalk needs to keep a bit quieter, as it has just been fined £100,000 by the Information Commissioner's Office (ICO) because some of the personal data pinched in a breach on it could have been used to scam people.
TalkTalk's breach happened in 2014. The firm was hacked in autumn 2015 and relieved of the personal data of 156,959 customers, including names, addresses, dates of birth, phone numbers and email addresses. This fine is not about that one, though; this is another bad data protection move by the firm on top of the other one.
The main TalkTalk hack all seems like ages ago, and we thought that all the major fines had been laid down by now. The firm lost a CEO, a lot of the respect that some may have had for it, and has already been given a £400,000 fine by the ICO.
Then TalkTalk paid early, getting itself an £80,000 discount, which it could use towards this latest fine from the ICO. It also got some non-chill criticism from the latest Information Commissioner, Elizabeth Denham.
"TalkTalk's failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk's systems with ease," she said.
"Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action." That was in late 2016, TalkTalk accepted the lot and the fine, and hopefully the advice.
Back to today's fine and the ICO is more than miffed that TalkTalk allowed an Indian company called Wipro to access customer data. 40 people had access to the details of as many as 50,000 TalkTalk customers and three Wipro logins were used to access the details of 21,000 customers.
The ICO found that any internet-connected device could access the data and that users could carry out wildcard searches such as "A" and receive back a list of every customer with a surname beginning with "A".
Such details could have led to fraudulent activity, bullshit phone calls, and long drawn out conversations with your bank.
"TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people," said a resolutely unimpressed Denham. "TalkTalk should have known better and they should have put their customers first."
We have asked TalkTalk if this is something that it wants to comment on, and it did.
"We notified the ICO in 2014 of our suspicions that a small number of employees at one of our third party suppliers were abusing their access to non-financial customer data," it said.
"We informed our customers at the time and launched a thorough investigation, which has led to us withdrawing all customer service operations from India. We continue to take our customers' data and privacy incredibly seriously, and while there is no evidence that any of the data was passed on to third parties, we apologise to those affected by this incident." µ