An ICO investigation found the company breached data protection laws after staff from an IT firm working with TalkTalk were able to access large amounts of customer data through an online company portal.
At any given moment, 40 Wipro employees have access to personal data of anywhere between 25,000 and 50,000 TalkTalks customers, which means that many individuals are always at risk, the ICO said.
In some cases, the calls followed a genuine engineering visit, and the scammers were able to give customer addresses and account numbers, helping to give legitimacy to their claim.
Personal information was at risk after an Indian firm TalkTalk used to resolve complaints failed did not have sufficient protection in place to stop the data being accessed.
The company started investigating into the matter and reported to the ICO about the situation on September 11.
"TalkTalk may consider themselves to be the victims here".
Issuing the fine, the Information Commissioner's Office said it did not find any direct evidence of a link between the information accessed by Wipro staff and the complaints about scam calls.
The Information Commissioner's Office fined TalkTalk £100,000 for leaving its customers' data open to "exploitation" when sharing the information with a third party supplier.
According to the ICO, TalkTalk should have been aware of the risks and that the misuse of personal data had the potential to cause substantial damage or distress, and should have taken measures to protect against potential scams and frauds. "TalkTalk should have known better and it should have put its customers first".
"We informed our customers at the time and launched a thorough investigation, which has led to us withdrawing all customer service operations from India".
TalkTalk was fined a then-record £400,000 by the ICO for that incident and cost the company 101,000 customers and £60 million in lost revenue.
"When the numbers of affected customers run into the thousands, you don't have to look too hard at existing security measures to question whether they are even remotely adequate for the task at hand".
But that's not to say the cybersecurity incidents did not have consequences for TalkTalk.
The fine takes the firm's penalties to £500,000, including a record £400,000 fine previous year over a hacking attack that saw information for 157,000 customers compromised in October 2015.