Reports are emerging that the Virgin Media group could be smacked with a huge compensation bill after a data breach that saw the personal information of just under a million customers freely accessible online.
Earlier this month, Virgin Media, which is owned by a US company called Liberty Global sent an email to its customers that a database of personal information on more than 900,000 users had been listed online and was easily accessible, dating back to April of 2019.
The company admitted to customers that “the information has been recently accessed,” by a third-party that likely used the personal information to fine-tune phishing emails and for potentially fraudulent and criminal activity. Virgin Media confirmed that no passwords or financial information was listed in the database, but did state that “contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forums on our website,” were indeed listed on the leaked database.
The result, according to InfoSecurity Magazine was that the customers implicated in the data breach were “vulnerable to scams including phishing emails, account takeovers and identity theft, with the resulting compensation claims for financial and emotional distress suffered expected to be around £5000 per claimant.”
The breach was connected to incorrectly configured settings for the database, which in some cases included details of the contract leaked to the public. Phil Muncaster adds that “this included requests to block or unblock pornographic or explicit websites, potentially enabling blackmail and extortion opportunities for fraudsters.”
Aman Johal, director at Your Lawyers who is supporting individuals wrapped up in the privacy case said that “Virgin Media failed to take steps required to keep customer data safe.”
“It is vital for the company to understand the severity of this breach. When data is left exposed online it is open season for fraudsters to scam and attack vulnerable people. Your Lawyers has formally notified Virgin Media that we are taking action and our claimant base is growing daily. We urge anyone affected by the breach to make a claim as soon as possible,” he said.
This is, in addition to possible GDPR enforcement measures, which in the most severe of cases can fine an organisation up to 4% of its annual turnover.