Virgin Media data breach

I’ve just received an email stating Virgin Media have had a data breach.


We are very sorry to have to inform you that we recently became aware that some of your personal information, stored on one of our databases has been accessed without permission. Our investigation is ongoing but we currently understand that the database was accessible from at least 19 April 2019 and that the information has been recently accessed.

To reassure you, the database did NOT include any of your passwords or financial details, such as bank account number or credit card information.

The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth. Please note that this is all of the types of information in the database, but not all of this information may have related to you.

We take our responsibility to protect your personal information seriously. We know what happened, why it happened and as soon as we became aware we immediately shut down access to the database and launched a full independent forensic investigation. We have also informed the Information Commissioner’s Office.

Given the nature of the information involved, there is a risk you might be targeted for phishing attempts, fraud or nuisance marketing communications. We understand that you will be concerned so we are writing to everybody affected to provide reassurance, guidance and support. We have put all of the latest information on our website https://www.virginmedia.com/help/data-incident

1 Like

Another day, another data breach. :neutral_face:

1 Like

Tell me about it… I’ve had Tesco Clubcard, Boots Advantage card and now Virgin Media all within the past few days.

1 Like

Maybe that would explain why there were so many problems with virgin.

The Tesco and Boots ones are not data breaches, they are where someone’s details have been stolen and then attempted on Tesco and boots, and some have been successful because the individual has used the same password or similar one or one easy to guess via a dictionary password crack. It’s not a breach by Tesco or Boots system’s.

2 Likes

The BBC has said that it was a database without a password.

You can’t get hacked if you don’t have a password. Genius.

I hope they get the maximum fine under the GDPR

2 Likes

Why have the work to try to hack his password if you now know his address and phone number, you can personally ring the bell and ask for his password.
Joke aside, there is indeed a possibility of someone hijacking a phone number and then gaining access to the account by reseting the password

1 Like

Sadly it’s easier for big companies to fix problems after a breach and pay a fine than it is to pay for security checks to stop it in the first place

3 Likes

This is a symptom of broken legislation. The fines should be high enough that securing the data in the first place should always be cheaper than paying a fine in case of breach (the fact that not all breaches are noticed or reported should also be accounted for when determining the amount).

1 Like

The fines can be massive, upto 4% of your annual turnover. The company I work are pretty fanatical about data security and a factor of why is the potential fines.

In the case of Virgin Media clearly something in their processes failed, it should have been setup right and it should have been checked by someone else.

The data was potentially open to anyone that found it, it doesn’t automatically mean someone else has or did download it, but given the length of time it was effectively in the open, it’s probably more likely than not that it was.

I would like to hope that Virgin will get slapped with a massive fine as while this was human error, it’s a big failing in their process and their data security department which should be looking for these kind of things.

1 Like

I guess I expressed myself wrong. I am aware of the potential fines. What I meant is that so far (and this is 2 years after the GDPR went into effect) we haven’t actually seen any of these fines being given out, despite there being a lot of big offenders to go after.

“The UK telecoms company revealed on Thursday that one of its “marketing databases” containing details of 900,000 people was open to the internet and had been accessed “on at least one occasion” by an unknown user.”

“Virgin Media, which is owned by US cable group Liberty Global, said it took security very seriously.”

I always love these statements after a breach happens, they take it seriously however it was open to the internet. Let’s be serious, a lot of big companies still don’t take GDPR seriously. Check to see how many companies are GDPR compliant or how many GDPR specialists they have within the firm. That’s where I would audit for prevention.

1 Like

Of which, £187m would be from British Airways. Granted, only 1.5% and not 4%, but it’s still not exactly pocket change.

1 Like

So this is very likely the reason I suffered Identity theft a few months ago.
No way will I ever go back to virgin again. That is now twice I have had reason to fall out with them. Worst company I have ever dealt with.

1 Like