Negligence will aggravate Virgin Media fine, lawyers warn

Negligent data management at Virgin Media has exposed the personal details of 900,000 of its customers, after a database was left unsecured for ten months, and during which period was accessible online.

The database, was had been "incorrectly configured" by a member of staff, was a marketing database containing telephone numbers, home and email addresses.

Partner at city law firm DMH Stallard, Jonathan Compton says the company can expect a large fine.

"One of the key principles of the 1998 Act and the more recent EU based Data Protection Act 2018 is the obligation on data handlers to keep that data secured. The Virgin Media database was accessed at least once and the company is not able to tell the identity of the user concerned.

"It is important to note that this was not a case of a secure database being hacked. No, this was an “error by a member of staff not following correct procedures”.

"The maximum fine under the 1998 Act for data transgressions during the period that that Act was in force was £500,000. Under the new Act, the penalties rise to E20m or 4% of global turnover, whichever is the greater.

"Fines towards the maximum of the applicable Act are likely. This was a serious breach, over a long period, affecting nearly 1 million people. The situation is aggravated by the fact that this was not the result of a hack but the result of negligence."

Cyber security specialist at ESET, Jake Moore said leaving data insecure “should seriously be a thing of the past” but that this major gaffe shows that some companies are completely unaware of exactly where their data is and how vulnerable it may be to cyber attacks.

“Whilst no passwords or bank details were under any risk of compromise, this is still enough for a cyber criminal to take advantage of. Usually, the next step for attackers will be to follow up with phishing emails enticing customers to divulge further information. Coupled up with Virgin’s broadband outage in the week, this could be a particularly good target for malicious actors to prey on,” he added.

    Share Story:

Recent Stories

Your people and the pandemic: Are you doing enough?
Employee health, well-being and security have always been a vital part of risk management, and as organisations seek ways to ensure a smooth, successful and sustainable return to operations amid the evolving environment, careful consideration has to be given to all these areas, and quickly. Published August 2020

Responding to COVID-19: A safe and secure return to work
Learn more from the experts that worked on the recovery of the Diamond Princess. Published July 2020