TalkTalk fined £100,000 for putting 21,000 customers at risk of scams and fraud
data protection

TalkTalk fined £100,000 for putting 21,000 customers at risk of scams and fraud

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

As if the £400,000 fine last year was not enough, TalkTalk has been slapped with a £100,000 fine for reportedly breaching data protection laws over customer information.

Unlike the last fine which came off the back of countless customers’ information being exposed after a malicious hacking, TalkTalk is being fined for an alleged lack of information security, leaving customer data “open to exploitation by rogue employees.”

TalkTalk employees reportedly have access to a great deal of information, heightening the need for internal security measures.

The latest issue

This particular breach was discovered when customers reported complaints of calls from scammers. During these calls, scammers pretended to be support services, and in order to ‘verify’ their position, scammers reportedly quoted the customers’ own addresses and TalkTalk account numbers; information only TalkTalk and authorised agents should have access to.

The ICO investigated the complaints and found that TalkTalk was using a portal where employees could access customer data through a database. Access was shared with an Indian-based IT company Wipro, who are tasked with dealing with TalkTalk’s customer complaints and coverage problems. However, the level of access provided to Wipro is said to be unreasonably large, putting customers at risk.

Unauthorised access confirmed

Three employee accounts were found to have accessed personal information without authorisation for up to 21,000 TalkTalk customers. With such a vast amount of information at their fingertips, it was possibly inevitable that someone would break the rules and access information they had no right to.

The ICO found that “forty Wipro employees had access to data of between 25,000 and 50,000 TalkTalk customers”. The cause for concern is that, unless 50,000 customers wanted to complain about service or network, why would Wipro employees need access to such a great deal of information?

There’s more…

Wipro employees could also:

  • Log in to the portal from any device that has internet access, with no restrictions. This included connecting remotely, meaning employees could access customer databases from their homes;
  • Make “wildcard” searches to filter through customers;
  • View up to 500 customer records at a time.

The level of access and lack of control over customer data was condemned by the ICO, viewing it as “unjustifiably wide-ranging and put the data at risk”. Whilst it may be easier to just give all employees unlimited access to all customer data, TalkTalk has a responsibility to uphold data protection rules to ensure the personal data they hold is not misused.

Stern warnings from the ICO

The Information Commissioner Elizabeth Denham warns that companies cannot shift data protection responsibilities to third parties and they must vet vendors to ensure they have a consistent level of security that matches or surpasses the company’s own measures.

Holding very little sympathy for TalkTalk, Denham stated:

“TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people… TalkTalk should have known better and they should have put their customers first.”

TalkTalk was therefore fined £100,000 for breaching the seventh principle of the Data Protection Act: for not having “appropriate technical or organisation measures in place to keep personal data secure“.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon