Carphone Warehouse, the mobile phone retailer that spawned TalkTalk, has been slapped with a maximum £400,000 fine for the 2015 hack that exposed the personal data of more than three million customers and 1,000 employees.
The fine, by the Information Commissioner's Office (ICO), is the maximum that can be levied - until the General Data Protection Regulation (GDPR) comes into force in May.
The company was accused by the ICO of failing to adequately secure its systems, enabling intruders to easily access the data.
While Carphone Warehouse at the time claimed that it takes "the security of customer data extremely seriously", the high-profile data breach saw hackers make off with highly personal customer data, including names, addresses, phone numbers, dates of birth, marital status and, for more than 18,000 customers, payment card details.
The records for some Carphone Warehouse employees, including name, phone numbers, postcode, and car registration details were also accessed.
The ICO has been probing the incident for more than two years, and this week concluded that Carphone Warehouse had "failed to take adequate steps to protect the personal information".
Intruders were able to access the company's systems via out-of-date WordPress software using valid log-in details, which the ICO said "exposed" inadequacies in the organisation's technical security measures".
For example, elements of the software in use on the systems affected were out of date and the company failed to carry out routine security testing.
There were also inadequate measures in place to identify and purge historic data, which the ICO claims to be "a serious contravention" of Principle 7 of the Data Protection Act 1998.
Information Commissioner Elizabeth Denham said: "A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.
"Carphone Warehouse should be at the top of its game when it comes to cyber-security and it is concerning that the systemic failures we found related to rudimentary, commonplace measures."
However, Denham also acknowledges that while Carphone Warehouse's lax security measures were to blame for the data breach, no evidence has emerged that the data loss has resulted in identity theft or fraud.
Carphone Warehouse, which tells us that it'll only have to hand over £320,000 due to early payment, said in a statement sent to V3: "We accept today's decision by the ICO and have co-operated fully throughout its investigation into the illegal cyberattack on a specific system within one of Carphone Warehouse's UK divisions in 2015.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago