An ICO investigation found the company breached data protection laws after staff from an IT company working with TalkTalk were able to access large amounts of customer data through an online company portal. The investigation was launched after TalkTalk received complaints from customers who were receiving what they described as scam phone calls, but the ICO said it did not find direct evidence of a link between the compromised information and the scam call complaints.
According to the investigation, part of the staff at Wipro, the company hired to solve complaints and network problems on TalkTalk’s behalf, used the portal to gain unauthorised access to customer data. Employees at Wipro had access to the data of between 25,000 and 50,000 TalkTalk customers, and three accounts linked to the firm were used to gain unlawful access to the data. Account holders could log into the portal from any internet-enabled devices and carry out broad searches that enabled them to view up to 500 customer records at a time.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now