2 min read

TalkTalk fined £100,000 after carelessly exposing customer data. Again.

Graham CLULEY

August 11, 2017

TalkTalk fined £100,000 after carelessly exposing customer data. Again.

UK telecoms operator TalkTalk has been fined £100,000 for failing to protect the personal information of consumers, after the details of 21,000 customers were leaked.

The breach, first claim to light in September 2014 after TalkTalk customers began to complain that they were receiving telephone calls from scammers. Most commonly the fraudsters would pretend that they were calling from TalkTalk support about technical problems, and quote customers’ addresses and account numbers in an attempt to appear more legitimate.

According to an investigation by the Information Commissioner’s Office (ICO), the information had been accessed through a TalkTalk portal used by Wipro, an Indian IT services company that resolved customer complaints on TalkTalk’s behalf.

In January 2016, three Wipro employees were arrested in connection with the scam calls, which had been flooding TalkTalk customers. In all it was determined that the personal details of up to 21,000 customers had been accessed.

An investigation discovered that some 40 Wipro workers were able to access the data of between 25,000 and 50,000 customers, and that the data itself was poorly protected to prevent abuse.

For instance, staff were able to:

  • log in to the portal from any internet-enabled device. No controls were put in place to restrict access to devices linked to Wipro.
  • carry out “wildcard” searches – for example, entering “A*” to return all surnames beginning with that letter. This allowed staff to view large numbers of customer records at a time and to export data.
  • view up to 500 customer records at a time.

Such powerful and wide-ranging access to sensitive data was clearly asking for trouble, in the opinion of the ICO:

“TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people,” said Information Commissioner Elizabeth Denham. “TalkTalk should have known better and they should have put their customers first.”

All companies should have appropriate technical or organisational measures in place to keep personal data secure, says the ICO’s report which notes that TalkTalk had “ample opportunity over a long period of time to implement appropriate measures, but it failed to do so.”

And although no direct evidence has been found between the data breach and the spate of scam calls that TalkTalk customers have received over the years, I don’t think anyone could be criticised for assuming that they are somehow connected.

Of course, this isn’t the first time that TalkTalk has found itself under the spotlight for a serious security breach.

Most infamously there was the headline-grabbing hack of October 2015 where the personal details of 157,000 TalkTalk customers and approximately 15,600 bank account numbers were stolen. That breach came about because of a spate of shameful security practices, and resulted in TalkTalk receiving a record fine.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read