TalkTalk Fined £100,000
The UK’s data privacy regulator, the Information Commissioner’s Office (ICO), has fined TalkTalk £100,000 (U.S. $129,630.50) over a 2014 data breach in which unauthorized employees from a third-party servicer illegally contacted customers.
The ICO claims that 44 employees at Wipro, an IT company based in India, had access to between 25,000 and 50,000 TalkTalk customers. Three of these employee accounts were then used to access the contact information of 21,000 customers. Many of these customers have complained about receiving phone calls from scammers claiming to be from TalkTalk.
The callers had information that would only be accessible to TalkTalk, including details about previous calls. The ICO said this information was used to gain the customer’s trust. Once trust was gained, the customer would then be asked to download software that would allow the caller to gain access to the person’s computer.
ICO Commissioner Elizabeth Denham said, “TalkTalk should have known better and they should have put their customers first.”
TalkTalk said they notified the ICO of this situation in 2014 and withdrew customer service operations from India.
This is the second fine leveled against TalkTalk due to a data breach. Last year, the telecommunications giant was fined £400,000 (nearly $500,000) for a 2015 breach in which nearly 157,000 customer accounts were exposed.
In the U.K., Parliament will rule on a new data protection bill by the end of this year, which would increase the ICO’s fining power. The new rules would incorporate the European Union’s General Data Protection Regulation, which allows governing bodies to fine companies up to 4% of global annual turnover, or €20 million (about $23 million), whichever is greater.