Reply to post:

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief


""It wasn't encrypted, nor are you legally required to encrypt it," she told the newspaper. "We have complied with all of our legal obligations in terms of storing of financial information.""

Let's see what the Data Protection Registrar has to say about that!

"But the company did reveal that some credit card information had been snatched."

If they in anyway stored the 3 digits from the back of the card then they broke PCI-DSS rules - which are a legally binding contract.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021