About one million Virgin Media customer data records were left insecure online, meaning almost anyone could access them for 10 months, report the BBC and other mainstream media today.
Although card details and bank account numbers were NOT accessible, the breach is serious, as it suggests that security sweeps or checks are not being carried out monthly, if not weekly, as you might expect from a major company. Customer records had been stored on a database that was visible to anyone online, due to an error by a Virgin Media employee.
Lutz Schüler, chief executive of Virgin Media, said: “We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access. We immediately solved the issue by shutting down access.”
“Protecting our customers’ data is a top priority and we sincerely apologise,” he said.
“Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used,” Mr Schüler told the BBC.
One legal firm, DMH Stallard, told the IT trade press that Virgin Media could be looking at a hefty GDPR fine:
“Fines towards the maximum of the applicable are likely. This was a serious breach, over a long period, affecting nearly one million people, the situation is aggravated by the fact that this was not the result of a hack but the result of negligence.”
Adam French, Which? Consumer Rights Expert, said:
“This data breach has exposed the data of almost a million Virgin Media customers and whilst no financial details or passwords were included, those customers are likely to be worried. It is vital that Virgin Media continues to provide clear information on what has happened.
“For anyone concerned they could be affected – it’s good practice to update your password after a data breach. Also, be wary of emails regarding the breach, as scammers may try and take advantage of it.”