Virgin Data Breach Leaves Millions Vulnerable
Virgin Media has left its customers vulnerable after exposing their details online, via an unsecure database, which Virgin admit has been accessed by an ‘unknown user’.
The telecoms giant, revealed last week that one of its “marketing databases” containing details of 900,000 people was open to the internet and had been accessed “on at least one occasion” by an unknown user over a 10 month period from 19th April 2019.
These details, including phone numbers, addresses and email addresses could be used by cyber criminals to commit fraudulent activity. Virgin Media emailed customers in the database informing them of the issue.
However, researchers at cyber security firm TurgenSec ,who discovered the unsecure database, said the database contained more intimate details.
One researcher at TurgenSec told the BBC:
“Stating to their customers that was only a breach of ‘limited contact information’ is from our perspective understanding the matter potentially to the point of being disingenuous.
“These highly sensitive details could be used by cyber criminal to boost the chances of extorting money from victims.”
Customers that are said to have been put at risk during this breach, are those with television or fixed-line telephone accounts. However, the unsecure database also included details of new customers who had been referred as part of a promotion.
Virgin Media’s cyber security has been thrown into question, with a representative from TurgenSec saying;
“The information was in plain text and unencrypted, which meant anyone browsing the internet could clearly view and potentially download all of this data without needing any specialised equipment, tools, or hacking techniques.”
Liberty Global, the US cable group who own Virgin Media, have countered saying they take cyber security very seriously. They have also informed the Information Commissioner’s Office (ICO) of the breach.
A spokeswoman for the ICO, said it was investigating the breach and added:
“People have the right to expect that organisations will handle their personal information securely and responsibly. When that doesn’t happen, we advise people who may have been affected by data breaches to be vigilant when checking their financial records.”
However, Jonathan Compton, a partner at city law firm DHM Stallard, has explained that Virgin Media could face a large fine under GDPR. He said:
“Fines towards the maximum of the applicable [Data Protection Act 2018] are likely. This was a serious breach, over a long period, affection nearly one million people.
“The situation is aggravated by the fact that this was not the result of a hack but the result of negligence.”
Virgin Media have contacted customers affected by the breach, warning them of phishing attempts, identity theft and nuisance calls and steps to take to not give criminals the green light to access accounts.
However, some customers have been shocked as some of the details they’ve received have sent them to explicit and pornographic websites.