I recently published a post about the Data Protection Act consequences of cyber crime.
In that post I gave a couple of examples of enforcement action taken by the Information Commissioner's Office. Those examples have been eclipsed by the news today that TalkTalk has been fined a record £400,000 by the Information Commissioner as a result of the well-reported data breach it suffered in 2015.
The data breach had a huge impact on TalkTalk customers: over 150,000 customers’ details were accessed by hackers. Details accessed included names, addresses, dates of birth, email addresses and phone numbers. Even more seriously, over 15,000 customers had their bank account details accessed. With the overwhelming likelihood that the data taken was passed on to other parties for fraudulent activity, the fallout from this single data breach may be massive.
The tragedy in this case was that a fix had been available for over 3 years for the vulnerability exploited in the attack. There had also been two earlier attacks of the same nature (SQL injection attacks) on TalkTalk in the same year, but no action had been taken because insufficient monitoring measures were in place.
Continuing the ICO’s efforts to persuade businesses to make data security a board-level priority, the Information Commissioner had this to say:
"Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant. They must do this because they have a duty under law, but they must also do this because they have a duty to their customers."
We are able to advise and assist you in reducing the risks of cyber crime and DPA sanctions. Where a data breach is suffered, early advice should be sought in order to minimise the damage caused to your business and to any individuals whose personal data has been exposed.
DMH Stallard have a dedicated team of Cyber Crime specialists who can advise on this and other related matters. For more information contact: