Virgin Gym Theft Report Uncovers Widespread Problem

Other victims come forward after Charlotte Morgan told her story

Charlotte Morgan was initially told theft was her fault. Picture: Facebook

When Charlotte Morgan reported the theft of thousands of pounds from her account after her belongings were stolen from a locker in the Virgin Active Gym in Chiswick she was initially told it was her fault and she wasn’t getting her money back.

She detailed her experiences on Twitter telling of how, during the time she was working out the thieves spent thousands in Westfield and the West End having gained access to her bank account.

After her story was reported in the media, more and more people started coming forward saying that they had had nearly identical experiences including some who had been at the same gym. Her bank, Santander, having initially blandly told her that she wasn’t going to be refunded, eventually relented and told her that she was going to be fully reimbursed once her case was covered in the media.

Her nightmare began on the evening of Wednesday, 24 August when she had left her phone and her bankcard with the rest of her belongings in the gym in Chiswick Business Park. She recalls that the security barriers at the premises had not been working allowing anyone to get in without being checked. When she returned to her locker the padlock was gone and her bag had been taken. When she reported the theft to the front counter, there were two other women there who had also been victims. She remembered that one of them had arrived at the gym at the same time as her.

She was aware that she needed to report the theft as quickly as possible, but the Virgin Active staff refused to let her use the computer or landline to do so claiming that this would be against data protection rules. A colleague of Charlotte’s was able to provide a phone for her to stop transactions on her card but by then it was too late.

Despite, the high value and uncharacteristic nature of the transactions, Santander’s fraud alert system was not activated and £8,000 worth of spending was allowed. At one point the bank did query a transaction by sending a message to Charlotte’s phone but as this was in their possession, they indicated that the purchase was legitimate.

Charlotte now believes that the thieves accessed her funds through a flaw in the way that the Santander phone app works. She has countered the risk by locking the SIM on her phone and by changing her settings so that messages don’t appear on the screen when the phone is locked. It is believed that criminals were able to set up access to the bank account by seeing the security code sent to the phone to verify identity.

Because the keys to her flat were also in her bag, she was forced to go back to her office, where she worked nearby as a TV producer, and frantically try and deal with the avalanche of problems the theft had created for her.

The next morning, she was required to walk for 50 minutes to the nearest Santander branch because the lock on her bike had also been stolen and she didn’t have her card to pay for public transport.

The long Bank Holiday weekend was a time of stress and anxiety for her as more and more information came through about the scale of the theft and Santander’s indifference to her plight.

Virgin Active also showed little concern. The theft was reported to the police but the gym said it did not take responsibility for thefts at its premises. The police said that they may get back to her in a couple of weeks after they had had a chance to review any CCTV footage.

Charlotte said, “To have entered the changing rooms unnoticed, the thief must be female. To know that another woman has targeted me and made my life extremely difficult makes me shiver.

“But the hardest blow, the one that almost broke me, came when a Santander employee told me — rather casually and bluntly, six days after the theft — that I would not be reimbursed.

“The theft was my own fault, he said. I must have kept my PIN number with my debit card — perhaps written on the card itself, he added.

“This was insulting and untrue — and anyway, it still wouldn't explain how my savings were ransacked.”

It was at this point she decided to detail the whole episode on Twitter, describing exactly what had happened. She was unprepared for the response she got, with people telling her they had had identical experiences and other pointing out that security issues with her phone and the bank’s software made her claim that she had not been careless with her Pin entirely credible.

A bank security expert explained how her SIM card was probably put into another phone to allow the thieves to bypass thumbprint and facial recognition security. Locking the SIM card closes this vulnerability.

Another loophole in security is that smartphones are usually set by default to display messages even when they are locked. This allows the thief to learn the one-off security code sent to the victim’s stolen smartphone to allow them to complete the process of setting up access on new devices. You can change this setting on your phone to avoid this happening.

For iPhones:

Go to Settings
Scroll to Messages
Scroll to Notifications
Scroll to Show Previews where there are three choices: Always / When Unlocked / Never
Select either When Unlocked or Never. Your messages will no longer flash up when your phone is locked

For Android:

Go to Settings
Select Lock Screen
Select Notifications
Select Don't Show Notifications. Your messages will no longer flash up when your phone is locked

Her story was shared tens of thousands of times and people sent her gift cards to pay for meals (which she returned). A significant number of people came forward to tell her that the same thing had happened to them, including the theft taking place at a gym, and the BBC consumer affairs programme You and Yours picked up on the story and interviewed other victims.

An investigation by Shari Vahl found a pattern of thefts in which women at gyms across London had been targeted in the same way. She reported her findings to the Met who told her that they will be reopening the file on a number of similar cases.

It is thought likely that the thief may have taken out or stolen a membership that allowed her to visit gyms across the company’s network giving her access to many locker rooms. One woman had £10,000 stolen from her account after a theft from a Virgin Gym last month shortly before Charlotte’s misfortune. The modus operandi appears identical including the shops used to make the purchases. The BBC spoke to women at gyms in Putney, Mill Hill and Notting Hill who appear to have been victims of the same thief. Shari Vahl believes it is possible the thief used stolen gym passes to gain access. As the theft occurs in a locker room where there is no CCTV, identifying the culprit may be difficult.

Virgin Active accused of lax security after three lockers were broken into

As Charlotte’s story went viral, Santander had a change of heart and called her to make a lengthy apology. Virgin Active also contacted her to say that it wished to ‘regain her trust’.

As well as locking her PIN, Charlotte now never keeps her bank cards and phone together but she remains unsure that this will be enough saying, “Frankly, I no longer have confidence that even these measures would foil a knowledgeable thief. After all, this was clearly not the work of an amateur.

“And it was not a lone attack, either. A spate of thefts at London gyms has left numerous other women facing the same awful nightmare. Many of them have contacted me.

“It's hard to put into words how it feels when a system designed to help turns its back on you. Police, gyms and banks all need to work together on this.

“I'm angry, upset and impatient for change.”

A Met spokesperson said, "We have been made aware of a number of similar offences in which property has been stolen from gym lockers and bank cards then used to make fraudulent purchases.

"Each offence is now being reassessed and, where appropriate, these will be investigated as part of a linked series.

"The victims in each case will be contacted by officers and provided with updates as the investigation progresses."


Value Reading Articles Like This? Help Us Produce More

This site remains committed to providing local community news and public interest journalism.

Articles such as the one above are integral to what we do. We aim to feature as much as possible on local societies, charities based in the area, fundraising efforts by residents, community-based initiatives and even helping people find missing pets.

We've always done that and won't be changing, in fact we'd like to do more.

However, the readership that these stories generates is often below that needed to cover the cost of producing them. Our financial resources are limited and the local media environment is intensely competitive so there is a constraint on what we can do.

We are therefore asking our readers to consider offering financial support to these efforts. Any money given will help support community and public interest news and the expansion of our coverage in this area.

A suggested monthly payment is £8 but we would be grateful for any amount for instance if you think this site offers the equivalent value of a subscription to a daily printed newspaper you may wish to consider £20 per month. If neither of these amounts is suitable for you then contact and we can set up an alternative. All payments are made through a secure web site.

One-off donations are also appreciated. Choose The Amount You Wish To Contribute.

If you do support us in this way we'd be interested to hear what kind of articles you would like to see more of on the site – send your suggestions to the editor.

For businesses we offer the chance to be a corporate sponsor of community content on the site. For £30 plus VAT per month you will be the designated sponsor of at least one article a month with your logo appearing if supplied. If there is a specific community group or initiative you'd like to support we can make sure your sponsorship is featured on related content for a one off payment of £50 plus VAT. All payments are made through a secure web site.

September 11, 2022