The FINANCIAL — Britain’s second-largest broadband company, which is owned by billionaire John Malone’s Liberty Global admitted that one of their marketing databases was incorrectly configured which allowed unauthorised access. It is one of the largest data breaches by a UK company in recent years. Database had been left unsecured for 10 month.
Almost a million Virgin Media customers had their personal details stored on a marketing database that had been left unsecured since last April, the company has admitted. The company warned customers that they may be victims of identity theft as a result of the stolen personal details, and advised concerned customers to contact Action Fraud if they think they have been targeted. The information would also be useful to would-be scammers planning to carry out phishing attacks or fraudulent phone calls, in the hope that they could convince their targets that they are the legitimate representatives of Virgin Media, The Guardian reported.
It is one of the largest data breaches by a UK company in recent years due to the number of customers at risk. Virgin Media stressed that the issue was triggered by a staff member not following the correct procedures and was not a cyber attack. The vulnerability of the customer data was first discovered by TurgenSec as part of a sweep of databases. It reported the issue to the ICO and said in a statement that Virgin Media reacted “swiftly” after being alerted, according to The Financial Times.
“We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access. We immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed line customers representing approximately 15% of that customer base. Protecting our customers’ data is a top priority and we sincerely apologise,” company wrote.
Virgin Media, which is owned by US cable group, Liberty Global, has informed the Information Commissioner’s Office as required, and launched a forensic investigation. The company said almost all of those affected were Virgin customers with television or fixed-line telephone accounts, although the database also included some Virgin Mobile customers as well as potential customers referred by friends as part of a promotion. Virgin Media said it would be emailing those affected on Thursday, in order to warn them about the risks of phishing, nuisance calls and identity theft. The message will include a reminder not to click on unknown links in emails and not to provide personal details to unverified callers, BBC reported.
“The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home and email addresses and phone numbers. Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used,” Virgin Media stated.