» ISP News » 

Law Firm Starts Legal Action Over Virgin Media UK Data Breach

Wednesday, October 14th, 2020 (9:45 am) - Score 20,976
Law internet uk isp

A consumer action law firm, Your Lawyers, has today announced that they’ve launched a Group Action Claim against broadband ISP Virgin Media UK, which gives the provider “four weeks to admit liability” for a recent data breach that exposed the personal details belonging to 900,000 of their customers.

Back in March 2020 the operator revealed that an “incorrectly configured” marketing database had exposed personal customer details to the public (here), which had apparently been “accessed on at least one occasion” but they didn’t know by whom or if any information had actually been used.

NOTE: The database is understood to have been potentially accessible for ten months between 19th April 2019 and February 2020

Initially the operator announced that the database itself had contained the names, home addresses, email and phone numbers of both customers and potential customers alike, but NOT passwords or financial details. But it later transpired, via internet security firm TurgenSec, that the database also contained a lot of other data for some customers (e.g. IP addresses, requests to block or unblock various pornographic sites etc.).

All of this information was stored in plaintext and unencrypted, which effectively meant that anyone browsing the internet could potentially view and download all of it without needing any specialised equipment, tools, or hacking techniques, provided they knew where to look. Virgin Media promptly closed the database and notified affected customers soon after becoming aware.

At around the same time Your Laywers began collecting interest from those affected by the breach, which was done with a view to launching a group action against Virgin Media. The law firm has today kicked off its Group Action Claim against the operator, which gives them four weeks to admit liability for the breach.

What’s happens next?

If they do not admit liability then Your Lawyers intends to file an application for a Group Litigation Order (GLO) in order to formalise the action and seek justice for those affected. Recent GLOs have included the British Airways data breach, Hillsborough Victims and VW Diesel Emissions.

Your Lawyers claims to represent almost 2,000 Claimants in the case, having received thousands of enquiries, and they will no doubt be aiming to attract more with today’s move. The law firm claims that each “victim of the breach” could be eligible for up to £5,000 compensation for “financial and emotional distress suffered“, which in theory could leave Virgin Media with a total compensation bill of up to £4.5bn (massively more than the cost of their c.£3bn Project Lighting network expansion).

Aman Johal, Director of Your Lawyers, said:

“Our Group Action Claim against Virgin Media is now live and I encourage anyone affected to sign up for representation now.

Unbelievably, Virgin Media failed to take the necessary steps to keep people’s data safe for a sustained period of time, and, shockingly, it took a third-party security researcher to identify the issue.

We know from experience that, when personal data is exposed online, it leaves victims vulnerable to cyberattacks and attempts at fraud, such as phishing scams. Customers will no doubt have bought into the Virgin Media brand that has been nurtured by Richard Branson for years and will rightly expect their personal data be properly protected. For this to have happened is an inexcusable breach of consumer rights.

Your Lawyers will hold Virgin Media to account for this avoidable breach of private information, and we will do everything possible to ensure justice for the victims prevails. The door is open for victims to join the action, and now is the time to act.”

As you might expect this is one of those “no win, no fee” style firms, which will of course have a vested interest in making such things look as financially attractive as possible. Over the past couple of years’ a new wave of group litigation under UK data protection legislation has cropped up, which has potentially placed additional liabilities upon businesses (as if the huge fines under GDPR weren’t worry enough).

According to the Information Commissioner’s Office (ICO), which is still probing VM’s breach, damages for breach of data protection legislation may be “material” (e.g. financial losses) or “non-material” (e.g. distress) and indeed previous cases have shown that damages may be awarded for a “loss of control” over personal data, even in the absence of pecuniary loss or distress.

In this case it appears as if Your Laywers intend to claim compensation for both financial and emotional distress, although that figure of £5,000 is very debatable. Normally you’d have to prove this (e.g. a start would be to show that somebody had actually abused the data) but, as above, damages could conceivably still be awarded for just a “loss of control” over the data itself.

However, case law around such claims – for the loss of control of data – is still evolving, although it seems unlikely to attract the sort of financial damages being talked above, especially as no financial details were exposed. Each case is different and a court will probably still need to see some demonstration of harm (that will be tricky).

We also recall seeing a roughly similar group action against Morrisons not so long ago, which hit a problem with its compensation demands after a ruling found that the company was not vicariously liable for the acts of the employee (we don’t yet know if this is an angle that VM will be able to argue). Meanwhile Virgin Media has declined to comment, which is normal where legal action is concerned.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
17 Responses
  1. JitteryPinger says:

    So what about customers who have received a notification via the My Virgin Media portal telling them their data was in fact part of the breach/leak however have not had emails regarding the issue.

  2. A_Builder says:

    Well if you will store plain text unencrypted customer data……I mean really…..ever head of EAR (Encryption At Rest)….thought not.

    Must have had Talk Talk do the database security…..

    Seriously the whole point of all of these penalties is so that companies take data protection and encryption to heart. If you are stupid enough to be CTO and have unencrypted customer data on your servers then your annual bonus should be a P45 as you are simply not competent and if you didn’t know that then have not done the proper audits.

    1. Reality says:

      Looks like you’ll be getting a P45 for your next bonus then if you think Encryption at Rest would have prevented this breach….

  3. Tanzil says:

    My password and other information was leaked too and I got couple of threatening emails. I complaint to them, did follow up but no appropriate response provided by them

  4. David Smith says:

    We have had all our on line accounts hacked and emails from Amazon security are being diverted from our Virgin email before we see them. Been waiting over 24hrs for call back from Virgin security. Virgin customer for 20yrs. All trust in company gone.

    1. I call BS says:

      Stop talking rubbish, this happened ages ago! You really expect us to think you’ve been having difficulties logging into Amazon for months and only NOW you’ve decided to act upon it?

    2. Han Smith says:

      I find this very hard to believe, for you this would be very hard to price that it was virgins fault or infact your own fault or the fact you’ve got a virus in your computer.

      When theirs blame theirs a claim


    I’ve been reporting a data breach on my Virgin mobile phone to the police in Eastbourne several times. Nothing has been done. I had also some frauds from my “Santander” Bank account. My password has been changed by someone and I couldn’t log me into my Virgin account. Until now I suffer from scams. My e-mail addresses are compromised and my phones have sky control problems. I am fed up with all of that. I went to the Employment Tribunal with my former employers. There was a data breach into my Court Case.

  6. Gavin Jones says:

    I have been with virgin media over twenty years previously NTL, and I got informed about data leak, I had my email hacked and my Netflix account was blocked from use its password was changed and used by two other people around the world. I got pestering porn emails and many annoying mobile calls lasting over three months until I deactivated my email account. I told virgin media, they didn’t take it serious which I expected. Virgin media make it so difficult to break free. I am so please to hear that something is being done as I think they should be held accountable for all that loss off our data. I wish Your Lawyers best of luck, although I think virgin media will try their best to wiggle out of responsibility.

    1. Steven says:

      Nothing is going to come out of it, nothing ever does. Companies get hacked all the time, you can’t deter a determined hacker

  7. Han Smith says:

    Up to £5k ok and what cut does this lawyer company take? Ill guarantee the claimant will get no where near £5k. The only person that’s going to benefit from this is the lawyer.

    1. Steven says:

      It’ll be unsuccessful anyway, much like the whole VW emissions scandal. You’ve got all these companies doing “class action lawsuits” and absolutely nothing has happened! There’s far larger companies suffered more significant data breaches and all they got was a slap on the wrist and made to sit on the naughty step for 30 seconds.

  8. Han Smith says:

    Customers will no doubt have bought into the Virgin Media brand that has been nurtured by Richard Branson for years

    It would seem that this lawyer dosnt even know that Branson dosnt own virgin media anymore

  9. Matt says:

    To be honest I’ve had many data breaches with Virgin Media over the years but only ever things that where sensitive to my Virgin account.

  10. Gee Joke says:

    Cyber ​​protection and anonymity, especially in our time, is a very sensitive issue for many users.
    Utopia Ecosystem is professionals in this business, your safety is guaranteed!

  11. Chris Hills says:

    There is already a class action in progress with the firm Irving’s Law which was started months ago.

  12. Jack says:

    Noticed a huge increase of 38 calls a month since that breech of smam phone calls to our landline, previously around 13 a month. We left Virgin mid September and moved our cherished number over to VoIP and now use an integrity checker before it passes through and rings our phone. So glad we did now getting about 4 calls since we left.

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Ultrafast ISPs
  • Gigaclear £17.00
    Speed: 200Mbps, Unlimited
    Gift: None
  • Community Fibre £20.00
    Speed: 150Mbps, Unlimited
    Gift: None
  • Virgin Media £25.00
    Speed: 108Mbps, Unlimited
    Gift: None
  • Vodafone £25.00
    Speed: 100Mbps, Unlimited
    Gift: None
  • Hyperoptic £25.00
    Speed: 150Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Superfast ISPs
  • Hyperoptic £17.99
    Speed 30Mbps, Unlimited
    Gift: None
  • NOW £21.00
    Speed 36Mbps, Unlimited
    Gift: None
  • Shell Energy £21.99
    Speed 35Mbps, Unlimited
    Gift: None
  • Vodafone £22.00
    Speed 38Mbps, Unlimited
    Gift: None
  • Plusnet £22.99
    Speed 36Mbps, Unlimited
    Gift: £75 Reward Card
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (4015)
  2. BT (3132)
  3. Politics (2086)
  4. Building Digital UK (2007)
  5. Openreach (1950)
  6. FTTC (1917)
  7. Business (1803)
  8. Mobile Broadband (1589)
  9. Statistics (1487)
  10. FTTH (1369)
  11. 4G (1359)
  12. Virgin Media (1264)
  13. Ofcom Regulation (1229)
  14. Fibre Optic (1221)
  15. Wireless Internet (1220)
  16. Vodafone (920)
  17. EE (900)
  18. 5G (875)
  19. TalkTalk (815)
  20. Sky Broadband (782)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact