TalkTalk has been handed a record £400,000 fine for security failings that enabled cyber hackers to steal customer data.
The telecoms firm fell victim to a cyber attack in October last year, with hackers obtaining the personal details of nearly 157,000 customers, including their names, addresses and dates of birth.
In more than 15,000 instances, the attacker also gained access to bank account details and sort codes.
The Information Commissioner's Office (ICO), which issued the fine, said the cyber attacker had been able to access customer data with ease, as TalkTalk had failed to take basic steps to safeguard this information.
Information Commissioner Elizabeth Denham commented: "Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.
"TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action."
Ms Denham stated that despite TalkTalk's expertise and resources, it was "found wanting" when it came to the basic principles of cyber security.
She added that the record fine should serve as a warning to others that cyber security is a boardroom issue, not an IT issue.
"Companies must be diligent and vigilant," Ms Denham said. "They must do this not only because they have a duty under law, but because they have a duty to their customers."
TalkTalk has responded by stressing that it has cooperated fully with the ICO at all times and was open and honest with its customers from the outset.
This, it said, gave them "the best chance of protecting themselves and we remain firm that this was the right approach for them and for our business".
The announcement comes after TalkTalk confirmed that it lost 9,000 broadband customers between April and June 2016, which suggests that last year's data breach has prompted some people to switch to alternative providers.