Virgin Media data breach hits nearly one million customers

6 March 2020, 11:37

The information of 900,000 people was accessed "on at least one occasion". Picture: PA

By Matt Drake

Virgin Media exposed the personal information of nearly a million customers after a marketing database was accidentally left online for 10 months.

The information of 900,000 people was accessed "on at least one occasion" by an unknown user, according to Virgin Media.

The information, which was held on the database for marketing purposes, included phone numbers, home and email addresses but did not include passwords or financial details.

A Virgin Media spokesman said: "We do not know the extent of the access or if any information was actually used."

The firm was alerted to the problem after it was spotted by a security researcher at TurgenSec on Friday.

Almost all of those affected were Virgin customers with television or fixed-line telephone accounts, although some Virgin Mobile customers as well as potential customers referred by friends could have also been hit.

Lutz Schüler, chief executive of Virgin Media, said: "We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access. We immediately solved the issue by shutting down access.

"Protecting our customers' data is a top priority and we sincerely apologise.

"Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used."

Jonathan Compton, partner at DMH Stallard and Member of the Chartered Institute of Arbitrators, said: "One of the key principles of the 1998 Act and the more recent EU based Data Protection Act 2018 is the obligation on data handlers to keep that data secured. The Virgin Media database was accessed at least once and the company is not able to tell the identity of the user concerned.

"It is important to note that this was not a case of a secure database being hacked. No, this was an 'error by a member of staff not following correct procedures'.

"Virgin Media is required under the Acts to report itself to the ICO and I understand that it has done so.

"The company can expect a large fine."

Virgin Media said it would be emailing those affected on Thursday to warn them about the risks of phishing, nuisance calls and identity theft.