TalkTalk has been fined a record $510,000 by the Information Commissioner’s Office(ICO) for failings over a cyber attack last year that affected more than 150,000 of its users.
Following an in-depth investigation, the ICO found that the telecoms group could have prevented the hack if it had taken basic steps to protect customers’ information.
The watchdog said the attack, which took place between 15-21 October 2015, took advantage of vulnerability in the company’s systems, that helps the hackers to access the personal data of 156,959 customers.
The ICO’s investigation found that the attacker used a common and “well understood” technique known as SQL injection to access the data.
The company also got two early warnings that it was unaware of. The first was a successful SQL injection attack on 17-July-2015 that exploited the same vulnerability in the webpages, and the second was an attack launched between 2 and 3 September.