Not enough 0's
TalkTalk gets record £400k slap-slap from Brit watchdog
The UK Information Commissioner's Office (ICO) has issued TalkTalk with a record £400,000 fine for allowing attackers to access customer data “with ease”. The penalty comes at the same time as the ICO publishes its in-depth investigation of last October's megabreach, which the office claims “could have been prevented if …
COMMENTS
-
Thursday 6th October 2016 08:07 GMT Random Handle
>According to the Beeb, the maximum fine is £500,000.
Yep - it needs amending to per user not incident. Where the 157,000 had their bank details leaked maybe £10K a head dropping to maybe £1K a head for email/hashword combo. Rising up to the full whack (or higher) when someone ends up dead or injured.
Unlikely to change or attract Government interest in changing it when the company is run by a Conservative Peer of course - which is why she is worth every penny of her £2.8 million
-
Thursday 6th October 2016 13:28 GMT Anonymous Coward
I understand the sentiment, but how does sending a company to the wall, leaving customers without service and thousands of people jobless, help?
If you make penalties too harsh (in all areas of life) you just increase the incentive to not get caught. It's possible to weight the scales so that the rational choice is to spend most effort on avoiding detection rather than trying to stop the bad thing happening.
Making people personally liable is also a bad idea, for much the same reason. Security isn't improved if you can't fill the posts. I don't want my wife and kids losing their home because a contractor screwed up in work done before I'd even joined a company.
The purpose of a fine or other punishment is to provide incentive for improved behaviour. If you kill the company there is no incentive.
-
Friday 7th October 2016 13:42 GMT Anonymous Coward
TalkTalk gets record £400k slap-slap
The penalty should be a lot more [£4 million] but if it's close to the max that's it. Don't forget there were two other TalkTalk data breaches before the TalkTalk website hack. Roll on 24th May 2018, after that allowing this sort of thing comes under criminal law! CEOs take note & get their lawyer to read the Irish Nationality and Citizenship Act, 2004
-
Monday 10th October 2016 08:41 GMT Lord M4x
Re: TalkTalk gets record £400k slap-slap
Irish nationality won't save you. On the 1st of August this year, the amended EU Data Protection act Regulation 2016/679 came into force.
Effectively, there is a legal obligation to disclose data breaches and a possible fine of up to 4% of GLOBAL revenue for failing to protect customers' data.
-
Wednesday 5th October 2016 13:59 GMT Anonymous Coward
>As a TalkTalk customer, I say good.
>That said, they'll probably put the prices up again to cut their losses, the greedy bastards.
They just paid Baroness Harding (CEO) £2.8 million in salary & incentives, £400K is a rounding error.
If you're still a TalkTalk customer, I'm sorry to say it, but you deserve to suffer (and will).
-
Friday 7th October 2016 19:37 GMT Anonymous Coward
Re: But why...
Well when you leave check your bill as the so**s [dirt lumps] will charge you for items you paid for up front on joining like line rental. TalkTalk will say they will adjust it in a month's time. Well after all the porkies they told after losing customers' data 3 times in about 12 months, I don't trust them. A tame gnat knows more about data security than TalkTalk. If giving them a free loan for a month is OK by you do nowt. After all with a £400,000 fine to pay TalkTalk needs your dosh. Alternatively ring TalkTalk and your Bank and cancel the payment as it doesn't meet the Direct Debit Guarantee.
I left but I'm still getting up to three scam calls a day from people purporting to be TalkTalk as I didn't change my number and the scammers have my DOB.
-
Wednesday 5th October 2016 13:14 GMT Maverick
only my doctor, my employer, my Bank and HMRC have my correct date of birth (and I don't trust any of them not to lose it)
why does an ISP need the correct DOB?
there again my local council wanted my DOB in order that I could arrange collection of a heavy electrical item (which they could recycle for profit) FFS
-
Wednesday 5th October 2016 13:29 GMT frank ly
Re: RE: why does an ISP need the correct DOB?
I used to think they use it to cross check for identity with your bank for direct debits or with your CC company for CC debit authority.
"Credit check"
I spend more at Asda with my CC than I do with my ISP but they never ask for my DOB. Anyway, having done a credit check, why do they then feel the need to store it, insecurely?
-
Wednesday 5th October 2016 18:16 GMT Anonymous Coward
Re: RE: why does an ISP need the correct DOB?
>I spend more at Asda with my CC than I do with my ISP but they never ask for my DOB.
I think you'll find that you did give your DOB to your credit card provider, and what's more they've got access to a whole lot more data on you than you think you provided.
-
Wednesday 5th October 2016 13:45 GMT A Non e-mouse
The thing that puts me off moving to Andrews and Arnold ISP is that apparently Talk Talk is part of their backhaul.
From the A&A Website:
It is important not to confuse the carriers we are talking about here with retail offerings from other telcos. For example, BT Retail offer various broadband services, and whilst they use the same back-haul network, the services they offer depend very much on their business model and their equipment which is different to ours. So just because you have heard bad things about a particular retail offering does not mean their carrier / wholesale back-haul network is bad in some way. This is particularly important when considering issues such as shaping policies or censorship - the back-haul networks we use are transparently passing PPP packets between you and us and we bypass any such measures used in their retail offerings.
Also, TT Backhaul is selectable, depending on the service you want from A&A.
-
Wednesday 5th October 2016 13:29 GMT Andy Non
TalkTalk street hawkers
One of their street hawkers collared me again this morning in the town centre.
Him "Do you have broadband sir?"
Me "Are you TalkTalk?"
Him "Yes, for my sins."
Me "I wouldn't join TalkTalk if you were the last ISP on the planet."
Him "Why is that?"
Me "Because you have a terrible reputation for customer service. You are wide open to hackers; and the person at the head of your company talks crap."
Him "Oh." Looking somewhat sullen.
Things must be bad, considering how many of these street hawkers they've got scattered around different town centres and street corners trying to pimp TalkTalk contracts.
-
Wednesday 5th October 2016 18:21 GMT Anonymous Coward
Re: TalkTalk street hawkers
So at least some of their drone training works.
I'm no bleeding heart liberal, but can we be a bit more polite about people doing crappy sales jobs than "drones"? I know as well as you do how irritating it is, but these people are simply earning a living, doing what they're told for money in a way that seems to be compliant with law.
I've done some shitty jobs in my time, I'd guess you might have. We all do what we have to in order to get by. Calling somebody a "drone" because of the job they have is a bit insulting, surely.
Now, if they're an out and out cunt, that's different, but that's generally unrelated to the job they do (insert lawyer jibes here).
-
Wednesday 5th October 2016 21:57 GMT Captain DaFt
Re: TalkTalk street hawkers
You really need to learn how to short out what little brains the hawkers have.
-Him "Do you have broadband sir?"-
Me: "Well that's damned personal from a complete stranger! Just because someone's a bit overweight doesn't give you the right to harass them!" <stalk off indignantly>
-
Wednesday 5th October 2016 14:22 GMT Dwarf
Not the first time
Pity it's only £400K. As 150K customer details were leaked, that puts the value of our personal details at £2.66 each, which seems a little on the low side!!
There is a trend here though. This time around it cost them 60 Million and 101K customers. Other sites claim 200K customers walked.
Previously in 2011 they were fined £3M for bogus billing - The Reg article from 2011
I wonder if they will ever learn that it's cheaper to do it right and that your customers will be more likely to stay around.
What's more worrying though is that they still claim 3.9 million customers, which means that only 10% of the customer base walked, so there are a heck of a lot of uninformed or thick skinned people out there who just accept low customer service as the norm.
-
Thursday 6th October 2016 23:36 GMT John Brown (no body)
Re: Not the first time
"What's more worrying though is that they still claim 3.9 million customers, which means that only 10% of the customer base walked, so there are a heck of a lot of uninformed or thick skinned people out there who just accept low customer service as the norm."
Attention spans. The last TalkTalk data breach made national news headlines. But most people have forgotten about it now. The average consumer, at best, will probably remember TalkTalk was all over the media a while ago and likely remembers the name but not why. It's all about brand awareness. Preferably with good connotations rather than bad, but time blunts that to simply "awareness" of the name. If they can manage to keep their noses clean for another 12 months (doubtful based on past performance) then they will likely be back where they started in terms of customer numbers.
-
Wednesday 5th October 2016 16:08 GMT JayBizzle
Quote taken from BBC:
TalkTalk said the fine was "disappointing" as it had "co-operated fully" with the investigation.
"The TalkTalk attack was notable for our decision to be open and honest with our customers from the outset. This gave them the best chance of protecting themselves."
This is the bit that really got on my nerves; we gave customers the best opportunity to fix the consequences from our mess. They did F' all to help customers and caused worry and stress. They then also caused a number of companies pain by having to replace bank cards, extra fraud checks, handle extra phone calls etc. who pays for that?
Then Talk Talk is still disappointed in the fine? *Seething!* Total boycott of this company is required.
So much rage about them giving zero fucks about their customers, I could rant about this for a while.
-
Wednesday 5th October 2016 16:45 GMT teebie
For an 'open and honest'? reaction they said a lot that wasn't true, such as claiming the details were stolen in a DDOS attack, and that their security was in some way adequate.
Although I concede that the Dunning–Kruger effect says they might be such shufflewits that this isn't technically lying.
-
Wednesday 5th October 2016 22:35 GMT ShaunS
As a TalkTalk customer who has received more than 60 of these scam technical virus phone calls in the past year, I am pleased to see TT get a fine.
I would like to see fines set at the exact figure of the CEO salary and bonus for the year. This might send the message home to the board more effectively.
-
Thursday 6th October 2016 00:24 GMT Anonymous Coward
Oh no.....management of some SMEs that are "not proactive" on updates and patches have slightly opened an eyelid when they heard "TalkTalk's security failures extended to ignorance that its database software – which was unspecified – was not only outdated, but in fact so old that it was no longer even supported by the provider.".
The Watchdog should have said that they only got 400.000 because the loss of a million customers sufficed as evidence that customers recognize crap more easily than managers or board members.
-
Thursday 6th October 2016 09:53 GMT Domquark
Wouldn't Trust 'Em
A customer of mine has Talk Talk. He had a very specific issue with Talk Talk TV, which was resolved with a phone call to the Indian-based help desk. 10 minutes later, he received a call from someone claiming to be from Talk Talk. As proof that he was who he claimed to be, the person described (in detail) my customer's [previous] specific issue that he had had with his TV. You can probably guess the rest, turn on your PC, go to this website, let me take control etc. etc.
Needless to say, when I got there it took me an hour to remove all the rootkits/malware that the "Talk Talk Representative" had installed.
Of course the question is, how did the second (dodgy) rep know about the first phone call? They must have been in the same call centre, with reps giving the details of customers to the dodgy ones. So, if you ever wonder how they get your details, that's how... After all, how can the supplier (Talk Talk) properly regulate the quality and privacy of a service that they buy from a third party 10,000 miles away?
-
Thursday 6th October 2016 13:59 GMT Anonymous Coward
Yep still cheaper to ignore security.
Until companies, and most importantly their investors, lose everything security will never get the attention it needs. We found that out with worker rights, environment and other issues.
Even with the protections we put in place companies still kill workers unnecessarily, dump waste into the environment and defraud customers because sometimes it pays.
-
Thursday 10th November 2016 12:42 GMT Matrix999
Why aren't I surprised
Talk Talk can not do anything right. In my opinion and from what I have read in various magazines I subscribe to which are all computer related, Talk Talk always have an exceedingly large volume of complaints from Ofcom. We were with Tiscali before Talk Talk took over and immediately I anticipated problems. I was right. First there was an issue with a bill which we paid which they confirmed they received and we even provided evidence. We were told "Yep, all resolved, we can see you paid". Weeks later a letter in the post asking for the money. It dragged on for months. My partner was in tears because it was her account. Every time we rang their system was either down or they did not know the latest update so we got harassed. They did not appear to be working from a central database system so if we spoke to another person they would be clueless about what the update was. Another thing I read is when customers cancel, they still get billed. After our horrible experience we canceled and sure enough, we got a bill. It was an absolute nightmare! I am now with another ISP.
Back to the issue with stolen personal details. Apparently the maximum fine is £500k. Talk Talk got fined £400k. The worst thing about this is Talk Talk did not inform their customers until a year + later! I read it was more people impacted than what people are saying. Let's just say I would not go back to Talk Talk if they offered me their services for free. In the UK they need to be more strict though when it comes to laws.
I would not go back to using Talk Talk if they offered their service for free. Everything about them is true. They are one of the worst companies in the UK when it comes to service. It was a lovely Scottish woman that helped us at the end and managed to update our details so we were no longer hassled but our issue should have been resolved immediately. Do yourself a favour and stay clear. If you do not have any complaints I am assuming it is because you have never had to contact their support so count yourself lucky!
Talk Talk promote X Factor so they can attract youngsters to sign up. Horrible company.