“A 2015 data breach at UK ISP TalkTalk has landed the company with a £400,000 fine from the national data protection agency — a record penalty for the ICO to hand out, although £100k shy of the current maximum it can impose.
The breach in question dates back to October 2015 when data from nearly 157,000 TalkTalk customer accounts was stolen from its website by hackers. Shortly after, police arrested two teenage boys in conjunction with the hack, although the investigation remains ongoing. A total of six arrests have been made, according to the BBC.
While the size of the data breach was not as large as initially thought, and the number of TalkTalk customers whose bank account or partial credit card details were taken was smaller still (in the tens of thousands), the ease with which hackers were able to penetrate the ISP’s security systems and make off with sensitive data led to widespread condemnation.
Hackers used an SQL injection targeted at vulnerable webpages which TalkTalk had taken over after its acquisition of another UK ISP, Tiscali. Two earlier attacks target.”
Author: Natasha Lomas