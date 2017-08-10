The ICO found that any internet connected device could access the data and that users could carry out wildcard searches such as “A” and received back a list of every customer with an surname beginning with “A”.

Three of those accounts were then used to illegally access data of up to 21,000 customers. The firm was hacked in autumn 2016 and plucked of the personal data of 156,959 customers including names, addresses, dates of birth, phone numbers and email addresses.

The penalty is a result of a three year investigation into the protections TalkTalk had in place when sharing data with its customer service outsourcer Wipro.

The company started investigating into the matter and reported to the ICO about the situation on September 11.

The United Kingdom’s Information Commissioner’s Office (ICO) regulator said in a statement on Thursday it has fined London-based TalkTalk Group telecommunications company 100,000 pounds ($130,000) over failure to protect personal data of thousands of its customers.

“TalkTalk may consider themselves to be the victims here”.

According to the ICO, TalkTalk should have been aware of the risks and that the misuse of personal data had the potential to cause substantial damage or distress, and should have taken measures to protect against potential scams and frauds. However, the ICO said it did not find direct evidence of a link between the compromised information and the scam call complaints.

An inquiry began in 2014 when TalkTalk contacted the ICO over suspicions that employees at Wipro were “abusing their access” to non-financial data, the company said.

“We informed our customers at the time and launched a thorough investigation, which has led to us withdrawing all customer service operations from India“.

She continued: “TalkTalk should have known better and they should have put their customers first”.

But Jan van Vliet, vice president at security firm Digital Guardian, said the explanation felt like “another case of too little too late”.

“Is it really surprising that companies such as TalkTalk continue to suffer these data breaches when they stand to face such an insignificant fine, nearly 3 years after the incident?” he noted.

The fine takes the firm’s penalties to £500,000, including a record £400,000 fine past year over a hacking attack that saw information for 157,000 customers compromised in October 2015.