TalkTalk loses its appeal against £1,000 data breach penalty

ICO fine stands after TalkTalk fails to report breach quickly enough

TalkTalk has lost an appeal against a £1,000 fine imposed as a result of a data breach it suffered last year.

The Information Commissioner's Office (ICO) fined the telco for not reporting the breach within 24 hours after discovering it, but TalkTalk appealed.

Information tribunal judge Angus Hamilton wrote in his decision: "The sole issue in dispute in this case is when TalkTalk could rightly be said to have 'detected' the personal data breach or to have acquired 'sufficient awareness' of the breach."

A TalkTalk customer (A) first noticed the breach when they accidentally found they had access to another customer's (B) personal data on 16 November 2015.

Customer A phoned B to notify them, and B subsequently phoned TalkTalk about the breach later that day, before following up with a letter on 18 November, and informing the ICO.

When the ICO wrote a letter to TalkTalk about the breach on 20 November, TalkTalk's CISO, Mike Rabbitt, replied to acknowledge he had read it.

Rabbitt then wrote to the ICO on 27 November to say TalkTalk was investigating the incident, but had not confirmed whether a personal data breach had occurred. TalkTalk did not notify the ICO that a data breach had occurred until 1 December.

TalkTalk appealed against the subsequent £1,000 penalty, arguing it had only acquired "sufficient awareness" of the breach after concluding its own investigation on 30 November.

However, the tribunal found that the customer's letter gave sufficient detail to prove that a breach had occurred, and that TalkTalk could not come up with any explanation for the incident other than a personal data breach.
