Virgin Media could be liable to pay up to £4.5bn in compensation following the company’s data breach, in which the details of 900,000 customers were freely available online for hackers to exploit for 10 months. This has left the victims vulnerable to scams including phishing emails, account takeovers and identity theft, with the resulting compensation claims for financial and emotional distress suffered expected to be around £5000 per claimant.
Aman Johal, director at Your Lawyers, the legal firm supporting those affected in taking action, stated: “Virgin Media failed to take the steps required to keep customer data safe. It is vital for the company to understand the severity of this breach. When data is left exposed online it is open season for fraudsters to scam and attack vulnerable people. Your Lawyers has formally notified Virgin Media that we are taking action and our claimant base is growing daily. We urge anyone affected by the breach to make a claim as soon as possible.”
The breach was caused by an incorrectly configured database, and exposed sensitive customer information such as full names, email addresses, dates of birth and contact numbers since at least April 19 2019. Additionally, some customers had details of their contract exposed. This included requests to block or unblock pornographic or explicit websites, potentially enabling blackmail and extortion opportunities for fraudsters.
Johal added: “This is a serious breach of consumer rights and it’s time companies like Virgin Media abide by the law and implement stricter cybersecurity measures to protect its customers from future data breaches. There’s simply no excuse now given the volume of preceding breaches, and this was an avoidable event. Even though the breach occurred due to ‘human error,’ we must hold Virgin Media to account.”
It is believed that Virgin Media could be facing other financial costs as a result of its mistake, in the form of a large GDPR fine.