Following the cyber attack on TalkTalk in October 2015, the ICO has issued the telecoms company with a 400,000 fine. The commissioner, under paragraph 44 of the penalty notice, explained that a monetary penalty was appropriate since the breach constituted a serious contravention of the seventh data protection principle and that:

"The contravention was of a kind likely to cause substantial damage and substantial distress. The Group knew or ought to have envisaged those risks and it did not take reasonable steps to prevent the contravention."

ICO's in-depth investigation