How about fining BT for also failing to disclose the breach.
BT quietly dropped Yahoo mail in Spring 2014, just stating they were switching BT customers over to BT Mail, without ever informing their users that it was likely a breach of their data had taken place.
All the signs seem to indicate BT knew, but didn't disclose.
As always, BT's cosy 'Fcuk buddy' Ofcom should investigate, but don't hold your breath.
Also Ofcom, maybe look at BTRetail via BTOpenreach double charging line rental on the migration day between providers, it's only £0.63, but per customer that's more than anyone has paid in fines for this.