TalkTalk hit with record £400,000 fine for failing to prevent SQL Injection attack

UK broadband and telecoms provider TalkTalk has been hit with a record fine by the Information Commissioner for failing to adequately secure customer data. The £400,000 fine is the highest ever issued by the ICO and close to the maximum of £500,000 that the ICO can impose.

One of the reasons the fine is so high is the complete disregard TalkTalk had for security.

TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.
Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.

While you can do as much as possible to protect your systems from intrusion, you also need to perform regular checks that your systems provide adequate protection against known threats. This was TalkTalk’s failure. The attack was a very simple SQL injection attack.

Symantec Secure Site provides not only HTTPS but also a daily malware scan and a weekly vulnerability scan of your website. We can also help with specific web application scanning.