Telecoms giant TalkTalk has been fined a record £400,000 by the Information Commissioner's Office (ICO) after a huge breach of its customers' data last year.
The October 2015 cyber-attack saw the data of 157,000 people accessed after vulnerabilities in TalkTalk webpages were exploited, with stolen information including customers' names, addresses, dates of birth, phone numbers and email addresses. Financial information such as bank sort codes was also taken.
Information rights regulator the ICO has now decided to hand out its biggest-ever fine after investigating the breach and finding the firm's "failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk's systems with ease".
Information commissioner Elizabeth Denham added: "Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not – and we have taken action."
In a statement on its website, TalkTalk responded to the ruling: "[We have] co-operated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers.
"During a year in which Government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset. This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.
"As the case remains the subject of an ongoing criminal prosecution, we cannot comment further at this time."
What are my rights if I was hacked?
Unfortunately, none of the £400,000 raised through the fine will go towards compensating those affected by the hack. The ICO says the money will go into HM Treasury's consolidated fund, which receives the proceeds of taxation and other Government receipts that fund public expenditure.
In the aftermath of the hack, TalkTalk's official line was that customers could ONLY escape penalty-free if they had money stolen as a direct result of the hack.
TalkTalk also said at the time that it was not in a position to make any decision about compensation.
Nevertheless, our advice then to anyone unhappy about the attack was to complain to TalkTalk in the first instance. If complaining to TalkTalk didn't work, we recommended taking your case to the free, independent Ombudsman Services.
Check out our How to Complain guide for your rights.