Cyber Security: Protection of Personal Data Online Contents


1.On Wednesday 21 October 2015, there was a cyber-attack on telecommunications and internet provider TalkTalk, which resulted in the company taking down its consumer website the same day.1 On Thursday 22 October, TalkTalk began notifying customers and the CEO, Dido Harding began a number of press interviews, in order to tell customers about the attack as quickly as possible.2 On Friday 23 October, TalkTalk said that the “significant and sustained cyberattack” was under investigation by the Metropolitan Police Cyber Crime Unit (because there had been a cyber-ransom demand) and that there was a chance that customer names, addresses, dates of birth, phone numbers, email addresses, TalkTalk account information, credit card details and/or bank details had been compromised.

2.On Monday 26 October, the TalkTalk data breach was the subject of an Urgent Question in the House of Commons. The Chair of this Committee said that the Committee would be following developments related to the cyber-attack closely. Ed Vaizey, the Minister of State for Culture and the Digital Economy, welcomed our inquiry.

3.The inquiry was formally launched on Tuesday 3 November. We heard oral evidence from TalkTalk CEO, Dido Harding, on 15 December 2015, and from the Information Commissioner, Christopher Graham, on 27 January 2016. The inquiry received 32 written submissions.

4.We wish to express our thanks to those who gave oral evidence, to those who submitted written evidence and to our specialist advisor, Philip Virgo.

1 Dido Harding oral evidence Q104

2 TalkTalk supplementary evidence CYB0030 - section 2

© Parliamentary copyright 2015

17 June 2016