TalkTalk fined £100,000 as “rogue staff” grab customer data

TalkTalk are the latest ISP to be slapped with a six-figure fine after failing to keep customers’ data safe.

The Information Commissioner’s Office laid the £100,000 fine on TalkTalk after finding the firm risked personal data falling into the hands of hackers, con-men and scammers.

An ICO investigation found that TalkTalk staff had wide access to its customers personal details. Lax security measures also made it more likely that ‘rogue employees’ could take advantage of valuable data relatively easily.

Staff – including outside IT consultants – could log into TalkTalk’s systems from any internet-enabled device and view up to 500 customer records at a time.

The failings came to light in September 2014 when customers began complaining to TalkTalk that they were getting multiple scam calls.

Scammers usually pretended they were tech support for TalkTalk and had correct customer numbers and addresses.

TalkTalk put the personal data of 21,000 customers at risk, the ICO ruled.

TalkTalk blamed “rogue employees” at Indian IT support firm Wipro, who were supposed to be resolving high-level complaints, for stealing customer data.

Around 40 employees at the outside contractor had wide-ranging access to the personal details of between 25,000 and 50,000 TalkTalk customers.

The ICO found this level of access was unjustifiably wide-ranging and put the data at risk.

Information Commissioner Elizabeth Denham said: “TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people.

“TalkTalk should have known better and they should have put their customers first.”