large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Virgin Media could face €20m fine for exposing details of 900,000 customers

A huge chunk of Virgin Media’s marketing database was exposed online for a 10 month period. And according to the company, at least one person has snooped on all that juicy info. This is massive breach could see Virgin slapped with the maximum GDPR fine.

In a slightly panicked statement, Virgin did its best to reassure customers that no passwords or financial details were listed in the exposed information. The only thing that could potentially have been swiped are the names, phone numbers, emails, and addresses of customers. So while you won’t see any strange activity in your bank account, you might have to brace yourself for a slew of phishing emails and cold calls.

Related: Best Wi-Fi extenders

Issuing a statement after the incident, Lutz Schüler, CEO of Virgin Media said: “We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access. We immediately solved the issue by shutting down access to this database…”

The information was accidentally exposed, rather than actively hacked, but Virgin still says that it suspects the data stash has been accessed at least once by an unidentified individual. At this stage, no-one knows the extent of that access, or if this individual has plans to use the data for dark and evil purposes.

Virgin seems keen to underline the fact that the breach was caused by insufficient protection, and definitely not a hack. But the fact that it’s down to human negligence doesn’t make the situation any better.

Related: Best VPNs for 2020

The company has reported itself to the Information Commissioner’s Office – which it has to, by law – and it may well see a fine coming its way.

According to Jonathan Compton, partner at DMH Stallard, that fine could be fairly hefty: “The maximum under the 1998 Act for data transgressions during the period that that Act was in force was £500,000. Under the new Act, the penalties rise to Euro 20m or 4% of global turnover, whichever is the greater. Fines towards the maximum of the applicable Act are likely. This was a serious breach, over a long period, affecting nearly 1m people.”

Virgin says it is in the process of getting in touch with everyone who has been affected by the breach.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.