TalkTalk fined £100000 for Wipro-related data breach

Lloyd Doyle
August 13, 2017

The ICO found that TalkTalk had breached the Data Protection Act by allowing unjustifiably wide-ranging access by external companies including Wipro, a multi-national IT services company in India that addressed complaints and coverage problems on TalkTalk's behalf, to large quantities of customers' data.

The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. They quoted customers' addresses and TalkTalk account numbers. TalkTalk should and could have done more to safeguard its customer information.

Having gained their trust, the fraudsters then took over the customers' computers in order to "fix" supposed problems and then arranged for money to be taken from the customers' bank accounts.

The ICO report referred to TalkTalk's own investigation confirming that there had been unauthorised and unlawful access by Wipro user accounts of the personal information of up to 21,000 TalkTalk customers.

The ICO said TalkTalk had "ample" time to implement appropriate measures but didn't do so.

"TalkTalk may consider themselves to be the victims here", Information Commissioner Elizabeth Denham said. "TalkTalk should have known better and it should have put its customers first".

"We notified the ICO in 2014 of our suspicions that a small number of employees at one of our third party suppliers were abusing their access to non-financial customer data", a TalkTalk spokesperson told Silicon.


The penalty is a result of a three year investigation into the protections TalkTalk had in place when sharing data with its customer service outsourcer Wipro.

TalkTalk's spokewoman highlighted that "there is no evidence that any of the data was passed on to third parties" and the U.

The incident predates the catastrophic cyberattack sustained by the company in October 2015.

The ICO launched an investigation into how customer details - names, addresses, phone numbers and account numbers - were compromised.

However, TalkTalk maintained that the data stolen was not sufficient for the attackers to steal money.

"Is it really surprising that companies such as TalkTalk continue to suffer these data breaches when they stand to face such an insignificant fine, nearly 3 years after the incident?" he noted. The firm lost a CEO, a lot of the respect that some may have had with it, and has already been given a £400,000 fine by the ICO.

Other reports by Iphone Fresh

Discuss This Article

FOLLOW OUR NEWSPAPER