After conducting their investigation of the cyber attack, the ICO have issued TalkTalk a record fine of £400,000 for security failings that allowed the attacker to access customer data “with ease”.

Their investigation concluded that TalkTalk had failed to have in place the appropriate security measures to protect the personal data it was responsible for. This breached the seventh principle of the Data Protection Act.

The monetary penalty notice issued to TalkTalk is available on the ICO’s website here.