Telecoms company TalkTalk has been fined a record £400,000 for security failings over a cyber attack last year which allowed customer data to be accessed "with ease".
The Information Commissioner's Office said the attack last October could have been prevented if TalkTalk had taken basic steps to protect customers' information.
Personal data of 156,959 customers including names, addresses, dates of birth, phone numbers and email addresses was said to have been accessed.
Information Commissioner Elizabeth Denham said: "Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue.
"Companies must be diligent and vigilant. They must do this because they have a duty under law, but they must also do this because they have a duty to their customers."