Virgin Media has been blasted for ignoring customer requests for details on last year’s data breach – which hit over 900,000 subscribers – amid claims it is “fobbing people off with an empty apology and sod all else”.
The incident dates back to April 2019 when Virgin Media claims a “staff error” meant that a customer marketing database was left unprotected on the Internet until February 2020, when a data security firm spotted the issue and reported it to the company.
At the time, Virgin wrote to all those affected but insisted that only name, home and email address and phone numbers, technical and product information, and, in some cases, date of birth, had been compromised.
However, the security firm subsequently claimed that it had also found requests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses and IMEI numbers associated with stolen phones.
It also discovered subscriptions to the different aspects of Virgin Media services, including premium components; the device type owned by the user, where relevant; the “referrer” header taken users’ browser, containing details on the previous website that the user visited before accessing Virgin Media; and form submissions by users from their website.
The details were accessed by an unknown third party at least once, with the majority of victims being customers with TV or telephone landline accounts, while a smaller percentage of Virgin Mobile customers were also affected.
The case is already the subject of a £4.5bn legal action but one Virgin Media customer has contacted Decision Marketing after making a data subject access request to Virgin Media to try to find out what information it had in fact leaked on her.
She said: “There has been a lot of media coverage about the details which were supposedly compromised so I want to know what they have lost on me. I think that’s a reasonable request, considering the seriousness of the issue.
“However, the complaint resolution from Virgin was, quite frankly, pathetic at best and deliberately obstructive at worst. The email simply repeats how sorry they are and that the only data that was compromised was contact details etc.
“There has been no offer of compensation, not even a free upgrade; nothing. I recognise I’m only one customer, but I can only assume they are fobbing everyone else off with this empty apology, offering sod-all else and refusing to co-operate. It is simply not good enough.”
Virgin Media has yet to comment on the issue, although the Information Commissioner’s Office investigation is ongoing.
At the time the breach was exposed, Jonathan Compton, a partner at City law firm DMH Stallard, said the company should brace itself for the worst. He added: “It is important to note that this was not a case of a secure database being hacked. No, this was an error by a member of staff not following correct procedures. The company can expect a large fine.
“This was a serious breach, over a long period, affecting nearly 1 million people. The situation is aggravated by the fact that this was not the result of a hack but the result of negligence.”
Virgin Media has 4 weeks to settle breach case ‘or else’
We can screw Virgin Media for billions, claims law firm
Virgin Media customers urged to join data breach action
Virgin accused of covering up full extent of data breach
Oops we did it again: Virgin Media gaffe hits 900,000
‘Schoolboy error’ condemns Virgin Media data yet again
Virgin Media shoots itself in foot over phishing attack
Virgin Media in dock again as it cuts off ‘dead customer’
Scammers access Virgin Media data for phishing attack