» ISP News » 

Law Firm Claims Virgin Media Data Breach Victims Due £5k Each

Friday, April 17th, 2020 (9:02 am) - Score 57,599
internet and uk computer law

Cable TV and broadband ISP Virgin Media UK appears to be facing the prospect of a “group litigation” (class action) lawsuit from Your Laywers, which claims that the operator’s failure to protect the personal details belonging to 900,000 of their customers could result in each being able to claim £5,000 (c.£4.5bn total).

At the start of last month Virgin Media revealed that the personal details belonging to 900,000 of their customers had been exposed by an “incorrectly configured” marketing database (here), which had apparently been “accessed on at least one occasion” but they didn’t know by whom or if any information had actually been used (the database is understood to have been accessible since 19th April 2019).

Initially the operator announced that the database itself had contained the names, home addresses, email and phone numbers of both customers and potential customers alike, but NOT passwords or financial details. But it later transpired, via internet security firm TurgenSec, that the database also contained a lot of other data for some customers (e.g. IP addresses, requests to block or unblock various pornographic sites etc.).

All of this information was in plaintext and unencrypted, which effectively meant that anyone browsing the internet could clearly view and potentially download all of it without needing any specialised equipment, tools, or hacking techniques. “Anyone with a web-browser could access it,” claimed TurgenSec after discovering the database. Virgin promptly closed the database and notified affected customers soon after becoming aware.

Queue the Lawyers

At present the Information Commissioner’s Office (ICO) is already known to be conducting an investigation, but in an unusual twist we’ve now learnt that law firm Your Laywers is collecting interest from those affected by the breach and appears set to launch a group action against Virgin Media.

If you’ve been notified by Virgin Media that your data was exposed during the breach incident, then you could be entitled to claim thousands of pounds in compensation,” says the firm (up to £5,000 per customer is one suggested figure). As you might expect this is one of those “no win, no fee” style firms, which will of course have a vested interest in making such things look as financially attractive as possible.

Over the past couple of years a new wave of group litigation under UK data protection legislation has cropped up (we’ve seen cases started against data breaches at British Airways, Morrisons etc.), which have potentially placed additional liabilities upon businesses; as if the possibly huge fines under GDPR weren’t worry enough.

According to the ICO, damages for breach of data protection legislation may be “material” (e.g. financial losses) or “non-material” (e.g. distress) and indeed previous cases have shown that damages may be awarded for a “loss of control” over personal data, even in the absence of pecuniary loss or distress.

In this case it appears as if Your Laywers intend to claim compensation for both financial and emotional distress, although it’s unclear how they’ve arrived at the £5,000 figure suggested in one article. Normally you’d have to prove this (e.g. a start would be to show that somebody had actually abused the data) but, as above, damages could conceivably still be awarded for just a “loss of control” over the data itself.

Aman Johal, Director at Your Lawyers, said:

“Your Lawyers has formally notified Virgin Media that we are taking action and our claimant base is growing daily. We urge anyone affected by the breach to make a claim as soon as possible.

Virgin Media failed to take the steps required to keep customer data safe and it is vital for the company to understand the severity of this breach.

There’s simply no excuse. This was an avoidable event, and we must hold Virgin Media to account.”

One key challenge here is that the case law around claims for the loss of control of data is still evolving and we have yet to see how any court will give effect to that in practice. Meanwhile the idea that Virgin Media could end up paying out billions of pounds does seem a touch unrealistic as few businesses could realistically survive such an outcome, especially when no financial details were exposed.

As for that Morrisons case, the claim for compensation against them recently hit a problem after a ruling found that the company is not vicariously liable for the acts of the employee. Each case is different and a court will probably still need to see some demonstration of harm. If any money were to be awarded, such as for loss of control over the data, then we suspect it would be for a far more modest figure than £5k.

Telecoms Lawyer, Neil Brown of decoded.legal, told ISPreview.co.uk:

“Unless there is some particularly unusual circumstance, it seems unlikely to me that a court would give £5,000 to someone simply because they were involved in a breach, without some actual demonstration of some kind of harm. While a court might make an award for loss of control of personal data, I’d have thought it would be far more modest.”

Naturally Virgin Media has not commented, as is standard practice where lawsuits are concerned.

Leave a Comment
37 Responses
  1. Avatar CarlT says:

    Seems legit.

    I guess lockdown prevents chasing of ambulances.

    1. Avatar joe says:

      And that PPI gravy train is running out!

  2. Avatar joe says:

    There is absolutely no excuse for plain text data of this type under any circumstances. Unforgivable.

    But if this data was accessed once and no harm has been found then the ICO should deal with it not claims lawyers. This is everything thats wrong with the dysfunctional system sadly…

    1. Avatar Buggerlugz says:

      Thanks for those responses Virgin Media.

    2. Avatar joe says:

      If you have nothing useful to say jog on and leave this to the adults….

    3. Avatar CJ says:

      Distress alone is sufficient harm to claim compensation, at least while EU law still applies. This was established by the Court of Appeal in the case of Google v. Vidal-Hall.

      The ICO won’t force them to pay compensation to individuals, it must be claimed. Although £250 is a more realistic amount for the courts to award for distress alone and it doesn’t need a claims lawyer involved, there is plenty of free advice online about sending a letter before action and if necessary filling a claim in the small claims court.

  3. Avatar M says:

    VM must be rubbing their hands with glee right now from the prospect of offsetting those fines and costs for better security on everyone’s bills for the next few years. .

    1. Mark Jackson Mark Jackson says:

      Realistically speaking, on that idea alone, they’d actually be far more concerned about losing customers by having to make their services more expensive than planned, and thus less competitive, in what is a very aggressively competitive market.

      Raising prices generally doesn’t result it more customers, but less. Operator’s aren’t stupid, they know there’s a fine balancing act between the need for profit and managing your costs. The COVID-19 impact will also make people more budget conscious and protective of the money they have, Virgin know that too.

  4. Avatar VM says:

    More likely we all end up no win but end up fee!

  5. Avatar VM says:

    11. What Happens if you Lose

    You do not have to pay any of the basic charges or success fee.

    You do have to pay:
    Your opponent’s legal charges and disbursements.
    Your disbursements.

    1. Avatar Derek Scott says:

      Not if the lawyer takes out insurance to cover the no win and a lot do.

  6. Avatar Ben Hopwood says:

    I doubt Virgin will contact anyone anyway, even if there was a breach! It means they will be admitting liability which they will not do for the reason of this suing culture.
    I’m actually more annoyed that they keep putting prices up on us existing loyal customers and then giving away Internet to new customers. It’s disgusting!

    1. Mark Jackson Mark Jackson says:

      They already contacted those listed in the database and went public with the problem, which is actually required by the new data protection law.

    2. Avatar Sue Morcumb says:

      I totally agree with you. It annoys me too. They are always giving all the best deals & new TiVo boxes or fast Broad band speeds to new customers. The price of my subscription goes up but the service goes down. When areVirgin Media going to think about their Loyal Customers? Their Bread & butter money every month given to new customers. I would consider making a claim about the loss of privacy. 5K would be very nice. Thank you.

    3. Avatar Gillian Palmer says:

      To be fair ,Virgin Media did confirm their breach in an email to me.

    4. Avatar David Murphy says:

      I had an email from them last month.

    5. Avatar Martin Porter says:

      This is exactly why, after 24 years of loyal cable service, I have finally decided to defect. They wanted £61.50 per month after my last £53 per month year “deal” expired. The lowest they could go to after I put the wheels in motion was £49 per month. Sky offered all-in for £37/month for 18 months plus a £100 credit on initial bills. Haven’t had the TV fitted yet due to COVID19, but so far just found the phone line’s not always so clear, but then I now get 24/7 calls included, and to all mobiles. You win and lose I guess, but could no longer really justify the higher prices.
      It certainly seems like new customers are all that matters these days sadly.

  7. Avatar Buggerlugz says:

    Indeed, they texted me, even though I left them last August.

  8. Avatar Mary Jones says:

    How do I know if I’ve been effected!?

    1. Avatar Rob haslam says:

      You would have had a email off virgin media stating so

  9. Avatar Malik says:

    Hey Mark,

    I may have missed the details in article but when did the breach occurred? I was questioned by the police for misuse of my IP address and was not even aware of it.

  10. Avatar Timeless says:

    No wonder Bransons after a government bailout now.

    1. Avatar Ryan says:

      Virgin Media is not owned by Richard Brandon, he sold it in 2013, Liberty Global has owned it since.

  11. Avatar Marco says:

    They said no passwords were held on the database yet I have received a raft of emails from scammers stating they know my Internet password and the one they quote – is my Virgin Media password! A coincidence, I think not!

    1. Mark Jackson Mark Jackson says:

      The no passwords claim was supported by the independent security firm that found the database. I’d suggest you may have another problem and might want to try this site:


  12. Avatar Derek House says:

    Do I claim individually or do the law firm claim for me? I have the email so what do I do now?

    1. Avatar David Murphy says:

      What is the email address please?

  13. Avatar Jane says:

    I had a scam text stating my mobile contract is about to be cancelled. I called my provider & they knew nothing about this,stated it’s a scam and delete it. I only called because I couldn’t remember my password to log in directly from the text, just as well really. I am not a VM customer but made a price enquiry from a door to door sales man. He took all of my details but I cancelled within 14 days. I also had the email from VM, do they obviously stored my details. Is this a GDPR issue? I have never had scam texts before

  14. Avatar Christopher Wren says:

    £5k sounds about right for the potential impact and distress to the end user. If anyone has had to deal with identify theft, they will know that £5k would only be the start.

    More companies should get real penalties for being negligent with consumer data. In this case I hope the lawers get their way

  15. Avatar A.G. says:

    I would suggest everyone to read the T&Cs of “Your Lawyers” before enlisting to join this class action lawsuit.

  16. Avatar Kairra O'Mahony says:

    I have contacted YourLawyers about the section in their agreement that states that, should they lose, we are liable to pay the fees of VM in court. I’ve asked what exactly this entails and if I get a reply, I’ll mention it here. However, it’s something that is seriously dangerous for me as a single mother with no income to rely on.

    However, I agree with the lawsuit. We have more than enough technology to ensure encryption happens on any data, to find out that an entire customer base of information was sitting on open text data and for god knows how long is a serious breach not only of trust but of competence too. I’d left Virgin media for their constant price rises every year and refusal to even consider moving me to a cheaper package, now I find out they were waving my personal data around like a shining beacon for anyone interested in using it. They can bite the dust for all I care.

    1. Mark Jackson Mark Jackson says:

      There are no excuses for failing to at least password protect access to the database, although it’s worth nothing that there are good reasons why the actual content of a database may be left unencrypted (excluding passwords, financial details etc. that should always be encrypted).

      This is because it makes, for example, correcting and diagnosing system problems at admin level (i.e. when all else has failed)), as well as development work and enabling different systems to talk with each another, extremely difficult (sometimes even impossible) because not even they can see what’s in the database.

      This is partly why most software only encrypts the most sensitive part of the database, since to encrypt it all, even the less sensitive stuff, may be counter-productive. Instead you shift overall encryption and security to a higher level, the access level, rather than the content level.

    2. Avatar Susan says:

      Hi, did you get a response to your email enquiry please? as I am also interested in that particular section.

  17. Avatar Chris Hane says:

    I had the email, but I was recommended to go with pure legal limited and their “claim your data breach”. Seems really good so far, just signed all documents and was told it could be settled within a few months.

    1. Avatar Steve norton says:

      were you told if pure legal lose the claim you will have to pay some legal cost’s ?

  18. Avatar abhishek says:

    Small Claims Court: How much does it cost?

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £22.00
    Speed 50Mbps, Unlimited
    Gift: Promo Code: HYPER21
  • Plusnet £22.50 (*36.52)
    Speed 36Mbps, Unlimited
    Gift: £60 Reward Card
  • Onestream £22.50 (*27.99)
    Speed 45Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Speed 66Mbps, Unlimited
    Gift: None
  • Vodafone £22.95
    Speed 35Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Ultrafast ISPs
  • Vodafone £26.00
    Speed: 100Mbps, Unlimited
    Gift: None
  • Virgin Media £27.99 (*51.00)
    Speed: 108Mbps, Unlimited
    Gift: None
  • Hyperoptic £29.00 (*35.00)
    Speed: 150Mbps, Unlimited
    Gift: Promo Code: HYPER21
  • TalkTalk £32.00 (*39.95)
    Speed: 145Mbps, Unlimited
    Gift: None
  • Giganet £35.00
    Speed: 200Mbps, Unlimited
    Gift: None
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (3049)
  2. BT (2886)
  3. FTTC (1835)
  4. Building Digital UK (1815)
  5. Politics (1777)
  6. Openreach (1710)
  7. Business (1544)
  8. FTTH (1351)
  9. Mobile Broadband (1345)
  10. Statistics (1321)
  11. 4G (1158)
  12. Fibre Optic (1109)
  13. Wireless Internet (1080)
  14. Virgin Media (1072)
  15. Ofcom Regulation (1069)
  16. EE (767)
  17. Vodafone (747)
  18. TalkTalk (717)
  19. Sky Broadband (704)
  20. 5G (630)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact