Virgin Media Announced Data Incident Affecting 900,000 Individuals
- Virgin Media says someone had gained access to a database that should be out of any individual's reach.
- The misconfigured database contained the names, emails, and home addresses of 900k customers.
- The UK telco doesn’t believe that the data was used for abusive purposes but still disclosed the incident.
Virgin Media has discovered that one of its marketing databases was configured incorrectly, allowing someone without authorization to access it. This resulted in the typical compromise of the personal data of about 900,000 people. According to the media giant's report, this number corresponds to approximately 15% of their fixed-line telecommunications customers, while the type of the data that was exposed is quite sensitive. More specifically, the information that was stored in the database includes customer names, email addresses, phone numbers, and home addresses. However, there was no financial data, credit card numbers, bank account details, or any passwords of any kind.
Virgin underlines that this incident was not a data breach and that none of their systems had been hacked. What happened led to unauthorized access by a single person, while there’s no evidence of any others having accessed it. While there are no signs that the accessed information is used for malicious or abusive purposes, the exposed individuals are still running the risk of getting phished or scammed. For this reason, Virgin has sent notifications to the affected individuals, to alert them of the danger and help them prepare for the possibility of receiving any unsolicited email messages.
Virgin Media reminds its customers that they would never call or email them to ask for bank account details, and they would never send emails containing URLs or document attachments. This means that if you are a Virgin subscriber and you’ve received one of these messages, you better delete those as soon as possible. If it was a call that you’ve received, make sure to report it to the company, or contact "Action Fraud" at 'actionfraud.police.uk'.
Considering that this was not a data breach and that the personal details that flew off couldn’t have been sourced by a number of platforms or services, the transparency demonstrated by Virgin Media, in this case, is noteworthy. Of course, they were obliged by law to alert the affected individuals as well as the Information Commissioner’s Office (ICO) in the UK, and they complied with this accountability. Considering what happened to Virgin Media’s systems, it would definitely be a good idea to reset your online passwords, in general, and pick something strong this time. Virgin Media has a dedicated webpage to help you do this, so you may consult the tips that are provided there.