Virgin Media Data Breach Exposed 900,000 Customers Details

virgin media
Credit: Bloomberg

The personal details of 900,000 Virgin Media subscribers have been obtained from a third party after the telecommunications company noticed a marketing database was left unsecured for ten months.

The second-largest telecommunications corporation in Britain, operated by Millionaire John Malone’s Liberty Global, had taken up the matter since last weekend when it learned that one of its networks had not been correctly installed according to 3 sources with direct knowledge of the situation.

Due to the number of vulnerable clients, it is one of the UK businesses most massive data breaches in recent years. Virgin Media clarified that an individual did not follow the correct procedures and did not attack cyber.

Nonetheless, at least one user outside of the business accessed the advertisement website and was left open from April last year to last week.

Lutz Schuler, Virgin Media’s Chief Executive, told Financial Times that there was a breach, but that there is still no evidence that consumers’ data have been misused.

“There is no evidence that the data taken has been used in the wrong way,” he said, speaking on the sidelines of a media conference in London.

The data infringement impacts about 15 per cent of its fixed-line customer base even though some Virgin Mobile subscribers were also listed. Even non-Virgin Media subscribers could be affected because the database held data from ads called “refer a buddy.”

The document does not include passwords or financial information but includes names, e-mail addresses, telephone numbers, and business contact details. The data is beneficial for fraudsters that could use this information to reach customers directly, likely as employees of Virgin Media, and to provide more sensitive information.

TurgenSec first noticed the insecurity of customer data as part of a search of databases. It reported the issue to the ICO and confirmed in a statement that after being notified, Virgin Media “reacted swiftly.”

Virgin Media immediately notified the privacy monitor — ICO — of the reliability of the network but did not directly warn consumers. The business said it would have made an immediate declaration whether the details is financial or had to adjust customers’ passwords, but preferred to thoroughly investigate the issue with an external company before alerting consumers.

“We want to avoid any panic. We all have enough on our plate with coronavirus at the moment, but we have to be open about it,” said Mr Schuler, who said he would apologize to customers for the breach.

On Thursday night, Virgin Media is set to update all affected customers.

The TalkTalk, Three, and Sage Group has been the newest of a string of high-profile privacy breaches and cyber threats in the telecoms and telecommunications sector over the previous years.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.