The TalkTalk Data Breach
On the 21st October 2015, TalkTalk became aware of a major security breach. Over the following days and weeks, the severity and magnitude of that breach filled the headlines of the British and International newspapers. More than 150,000 users saw their personal information leaked. Of those, more than 15,000 users saw their bank account details compromised.
“failed to apply software patches to a database, fixing a known exposure that had been identified more than 3.5 years prior to the breach.”
The next day, TalkTalk informed the Information Commissioners Office of the data breach. The TalkTalk data breach has cost about £60m and contributed to the loss of over 100,000 customers. The police are still questioning 6 individuals (all under 21 years of age) in relation to the crime.
The ICO Investigation to the TalkTalk data breach
Now TalkTalk is back in the headlines as the ICO issues a record-breaking fine of £400,000, due to security failings that allowed a cyber attacker to access customer data “with ease”. The ICO investigation found that the attack could have been prevented if TalkTalk had taken basic steps to protect customers’ information. Worryingly, TalkTalk failed to apply software patches, fixing a known exposure that had been identified more than 3.5 years prior to the breach. The report highlights that there were two additional attacks 12 weeks before the October breach which had not been detected. More info