UK telecoms firm TalkTalk has been fined a record £400,000 for poor data security which led to the theft of the personal data of nearly 157,000 customers.
The cyber attack on its website took place in October last year.
The Information Commissioner, which imposed the fine, said the firm's security was so poor that the attack succeeded "with ease".
In nearly 16,000 cases, the attacker was able to steal bank account details.
The Information Commissioner, Elizabeth Denham, said: "TalkTalk's failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk's systems with ease."
"Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.