Negligence will aggravate Virgin Media fine, lawyers warn

Negligent data management at Virgin Media has exposed the personal details of 900,000 of its customers, after a database was left unsecured for ten months, and during which period was accessible online.

The database, was had been "incorrectly configured" by a member of staff, was a marketing database containing telephone numbers, home and email addresses.

Partner at city law firm DMH Stallard, Jonathan Compton says the company can expect a large fine.

"One of the key principles of the 1998 Act and the more recent EU based Data Protection Act 2018 is the obligation on data handlers to keep that data secured. The Virgin Media database was accessed at least once and the company is not able to tell the identity of the user concerned.

"It is important to note that this was not a case of a secure database being hacked. No, this was an “error by a member of staff not following correct procedures”.

"The maximum fine under the 1998 Act for data transgressions during the period that that Act was in force was £500,000. Under the new Act, the penalties rise to E20m or 4% of global turnover, whichever is the greater.

"Fines towards the maximum of the applicable Act are likely. This was a serious breach, over a long period, affecting nearly 1 million people. The situation is aggravated by the fact that this was not the result of a hack but the result of negligence."

Cyber security specialist at ESET, Jake Moore said leaving data insecure “should seriously be a thing of the past” but that this major gaffe shows that some companies are completely unaware of exactly where their data is and how vulnerable it may be to cyber attacks.

“Whilst no passwords or bank details were under any risk of compromise, this is still enough for a cyber criminal to take advantage of. Usually, the next step for attackers will be to follow up with phishing emails enticing customers to divulge further information. Coupled up with Virgin’s broadband outage in the week, this could be a particularly good target for malicious actors to prey on,” he added.

    Share Story:

Recent Stories

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021