You are here: Home - Household Bills - News -

TalkTalk fined for exposing customers to scam risk

Written by: John Fitzsimons
An investigation found TalkTalk left the personal details of thousands of customers at risk of abuse from fraudsters.

Communications firm TalkTalk has been fined £100,000 by the Information Commissioner’s Office (ICO), after an investigation found it had failed to protect customers’ data.

The fine follows a three-year investigation into the firm, after many of TalkTalk’s customers reported receiving scam calls from fraudsters posing as technical support staff.

The scam was particularly effective as the fraudsters were able to quote customers’ addresses and account numbers.

Elizabeth Denham, the information commissioner, said that TalkTalk’s failure to protect its customers had put thousands at risk of abuse by the malicious actions of just a small number of people.

She continued: “TalkTalk should have known better and they should have put their customers first.”

According to the ICO, the problem came from a TalkTalk portal through which users could access reams of information about individual customers. This portal was not sufficiently secure however.

Wipro, a multinational IT services company based in India had access to the portal, as it helped resolve high level complaints and network coverage problems on TalkTalk’s behalf. But the ICO found that three Wipro accounts had been used to gain unauthorised and unlawful access to personal details of as many as 21,000 customers.

In total 40 Wipro employees had access to the data of between 25,000 and 50,000 TalkTalk customers. No controls were put in place to restrict access to only devices linked to the firm; Wipro staff could access the portal from any internet-enabled device, while they could also view large numbers of customer records at a time and export data easily.

According to the ICO, TalkTalk should have been aware of the risks and that the misuse of personal data had the potential to cause substantial damage or distress, and should have taken measures to protect against potential scams and frauds.

This is the second time the ICO has fined TalkTalk over its insufficient protection of customer data, after the firm was whacked with a £400,000 fine – a new record – last October. That fine followed a cyber attack in 2015, in which account details of around 157,000 customers were stolen. At the time Denham said TalkTalk had failed to implement “the most basic cyber security measures”.

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Seven ways to get help with energy bills this winter

We knew today’s announcement was going to be painful, but it’s still a shock to the system. When this kick...

Flight cancelled or delayed? Your rights explained

With no sign of the problems in UK aviation easing over the peak summer period, many will worry whether holida...

Rail strikes: Your travel and refund rights

Thousands of railway workers will strike across three days this week, grinding much of the transport system to...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

DIY investors: 10 common mistakes to avoid

For those without the help and experience of an adviser, here are 10 common DIY investor mistakes to avoid.

Mortgage down-valuations: Tips to avoid pulling out of a house sale

Down-valuations are on the rise. So, what does it mean for home buyers, and what can you do?

Five tips for surviving a bear market mauling

The S&P 500 has slipped into bear market territory and for UK investors, the FTSE 250 is also on the edge. Her...

Money Tips of the Week