Telecoms company TalkTalk has been fined £400,000 over website security failings which led to the theft of almost 157,000 customer's data last year.
The cyber attack took place last October, with bank account details stolen in almost 16,000 instances.
The Information Commissioner, Elizabeth Denham, said the company's online security was so lacklustre, the hackers gained access to customer information 'with ease'.
Related: iPhone 7 review
After her office imposed the record fine, Denham said: "TalkTalk's failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk's systems with ease."
"Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations.
"TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action."
The fine accompanies the publication of an in-depth investigation into last year's data breach by the Information Commissioner's Office (ICO).
Related: Google Pixel
The investigation found that TalkTalk hosted three webpages, which became part of the firm's infrastructure following its Tiscali acquisition in 2009, that were vulnerable to SQL injections.
ICO found TalkTalk had failed to adequately asses the pages for security failures, which led to the cyber attack in October last year.
Hackers were subsequently able to gain access to customer names, addresses, dates of birth, phone numbers and email addresses, while 15,656 of the total 156,959 customers affected had their bank details accessed.
Denham added: “Today’s record fine acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue. Companies must be diligent and vigilant.
"They must do this not only because they have a duty under law, but because they have a duty to their customers.”
Watch The Refresh: The best tech gossip and reviews every week
Let us know your thoughts on the fine in the comments.