U.K. telecom provider TalkTalk Telecom Group PLC has been fined a record £400,000 for a security breach that led to the theft of personal data of nearly 157,000 customers.
The U.K. Information Commissioner's Office, the British regulator that imposed the fine, said poor website security led to the mass theft of personal data in October 2015.
Information Commissioner Elizabeth Denham was quoted in an Oct. 5 BBC News report as saying that TalkTalk's failure to implement the most basic cybersecurity measures allowed hackers to penetrate its systems. She stressed that the company should, and could, have done more to safeguard its customer information.
"It did not, and we have taken action," Denham added.
ICO investigators found that attackers accessed the personal data of 156,959 customers, including their names, addresses, dates of birth, phone numbers and email addresses. In 15,656 cases, hackers had access to bank account details and sort codes.
TalkTalk called the fine "disappointing," as the company said it had fully cooperated with the ICO investigation.
The ICO said the record fine should serve as a warning to other companies to take cybersecurity more seriously.
Cybersecurity expert Mark Skilton, a professor of practice at Warwick Business School in England, said in an interview that the fine seems proportionate to the impact, but shows little regard for the possible risks and lack of due diligence of a company with 4 million subscribers.
"Even if liability insurance may have covered the possible losses of those customers, it still raises questions over digital risk governance and how necessary it is for corporates to take it seriously," Skilton said.