TalkTalk statement

“TalkTalk has cooperated fully with the ICO at all times and, whilst this is clearly a disappointing decision, we continue to be respectful of the important role the ICO plays in upholding the privacy of consumers.

“During a year in which Government data showed nine in ten large UK businesses were successfully breached, the TalkTalk attack was notable for our decision to be open and honest with our customers from the outset. This gave them the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business.

“As the case remains the subject of an ongoing criminal prosecution, we cannot comment further at this time.”

Notes to editors

  • On Wednesday 21st October, while investigating latency on the talktalk.co.uk website, TalkTalk discovered that it had been attacked

  • We took key websites offline and, after receipt of a credible ransom demand, informed law enforcement agencies and the security services

  • The ICO was also notified in line with our statutory obligations

  • Customers were informed on Thursday 22nd October as we worked to establish exactly what had happened and who had been affected

  • We kept customers updated throughout this time, giving them advice on how to protect themselves from scammers. We also offered every single customer 12 months’ free credit monitoring  

  • After a full investigation, it was established that the total number of customers whose personal details were accessed was 156,959.

  • There is no evidence to suggest any customers have been impacted financially as a direct result of the attack, but we have launched a nationwide educational campaign, called Beat the Scammers, to help customers (and the wider public) keep themselves safe from fraudsters

  • Recent ICO fines for data theft/loss include:

    • August 2015: the Money Shop Ltd was fined £180,000 for the loss of an undisclosed number of customer details (including financial information), of which only a few were encrypted

    • February 2015: Staysure.co.uk was fined £175,000 for the loss of up to 100,000 live credit card details (including security numbers) and medical records; 5,000 customers had their cards used by fraudsters as a result

    • November 2014: WorldView was fined £7,500 after the credit card details (including security numbers) of 3,800 customers were stolen by hackers

Your cookie options

We use essential cookies to make our site work, and to give you the best browsing experience. we and our partners can store and access personal information on your device to provide a more personalised browsing experience, which may be used for personalised and non-personalised advertising. View our cookie policy.

*Rejects all but essential cookies

Essential & Functional Cookies

Always on

Essential Cookies are also sometimes called “strictly necessary” they are automatically dropped onto your computer, tablet or mobile when you access our websites as they are essential for our website to function correctly.

Functional cookies allow us to remember any preferences you`ve made and we use them to improve your online experience. These cookies are anonymous and don’t track browsing activity across other websites.

Other cookies

Customizable

• Personalisation & Re-targeting cookies

Personalisation cookies help us to tailor our website based on your interests. They tell us how you`re using the site, so we can show you products and offers that might be of interest to you.

Targeted cookies are used by advertisers on our website. They track your browser when you visit different websites to understand what you`re interested in and use this information to display more relevant adverts to you on other websites.

• Analytical & Tracking Cookies

Analytical & Tracking cookies are used to track visitors on the website. How you browse, how long are you staying on the site, what you are looking at and when you have made a purchase. They are essential in measuring customer experience, the performance of a website, and to optimise it.