Re: A few at fault here
BT are right not to re-imburse. If 5060 had been blocked then it would have had to be unblocked anyway and so the same hack would have happened.
But BT are at fault for not blocking 5060 on 'All'. Anyone who isn't knowingly using SIP/VOIP who gets hacked through this port should take 'em to the cleaners. As to the distinction between security on a home and business account - I have a home business and I expect the same level of security in either mode. If I'm running a bank or an obvious target for attack I may elect to put in extra firewalls and other stuff but an ordinary business and an ordinary home user should have the same level of protection. Not just for their own sake but to minimise the chance it gets taken as a bot to plague the rest of us.
And on the grief BT Broadband has given me and my clients over the years - anyone using them should, perhaps, be aware they are not to be trusted for anything other than watching some footie. So, yes, blame all round!