The case discusses the data security breach at UK-based telecom and internet service provider Virgin Media Inc. (Virgin Media). On March 5, 2020, the company published a statement on its website stating that one of its marketing databases containing the personal details of about 900,000 existing and potential customers had been left unsecured online since April 2019 and had been accessed without its authorization. According to the company, the compromised information was mostly limited to contact and product data and importantly, did not contain financial information or passwords. The company reportedly became aware of the breach only after it was flagged by a third-party researcher at security research firm TurgenSec. Virgin Media stated that the breach had occurred not due to a hack or a criminal attack, but because the database had been “incorrectly configured” by a member of staff who had not followed correct procedures. Virgin Media immediately reported the data breach to the U.K. Information Commissioner’s Office (ICO) and launched an independent forensic investigation to determine the extent of the breach. However, it is likely to be in the crosshairs of data regulators for exposing private details of its customers online. Virgin Media could face up to £4.5billion compensation payout to affected customers. Though the company was taking several steps to prevent such data leaks in future, it remained to be seen whether it could fix its reputation. Virgin Media’s CEO Lutz Schüler apologized for the breach but was that enough to regain the trust of customers?
PayPal (6 USD)
The case is structured to achieve the following teaching objectives:
Analyze the issues arising out of the Virgin Media data security breach.
Understand the importance of Information Security Systems in organizations.
Study the impact of the breach on Virgin Media.
Analyze the steps Virgin Media should take to prevent such data breach incidents in the future.
Discuss the tools available for detecting fraud and intruders in an organization’s systems.