BBC Watchdog has found that TalkTalk failed to inform 4,545 customers that their personal information was stolen in a 2015 data breach.
The customers' personal information, which included full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and bank details, is believed to have been online since the 2015 breach, completely unbeknown to the customers. This left the affected individuals susceptible to fraudulent attacks ranging from scam calls to identity theft.
The most significant aspect of this latest development is TalkTalk's apparent failure to deal adequately with the original data breach. At the time of the breach, TalkTalk is understood to have sent these 4,545 customers an incorrect notification, which led the individuals to believe their data had not been stolen.
The reputational damage caused by a data breach can be significant. However, this incident should serve as a stark reminder to organisations that the way they handle data breaches is critical to restoring customer confidence and preventing further harm to corporate reputation. Companies should ensure they have robust procedures in place to respond to data breaches and minimise the impact. This should include ensuring that all customers affected by a breach have been correctly notified. The ICO may even require companies to take proportionate steps to ensure personal details are not left on the web. In short, take heed of TalkTalk's mistake and do not repeat it!