data breach, data leaked, database security, Hacking News, Telecom company, Telecom hacking, Virgin Media, Virgin Mobile

Virgin Media Data Leak Exposes Details of 900,000 Customers

On the same day yesterday, when the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunication provider Virgin Media announced that it has also suffered a data leak incident exposing the personal information of roughly 900,000 customers.

What happened?

Unlike the T-Mobile data breach that involved a sophisticated cyber attack, Virgin Media said the incident was neither a cyber attack nor the company’s database was hacked.

Rather the personal details of around 900,000 Virgin Media customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication.

“The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured,” the company said in a note published on its website on Thursday night.

According to the notification, Virgin Media said the exposed database was accidentally left unsecured on the Internet from April 19, 2019—that’s almost a year—and was recently accessed by an unauthorized party at least once.

What type of information was accessed?

The exposed database stored the information (listed below) on both customers and potential customers, including “fixed-line customers representing approximately 15% of that customer base,” said Virgin Media CEO Lutz Schüler.

  • customer names,
  • home addresses,
  • email addresses,
  • phone numbers,
  • technical and product information, which includes any requests people may have made using forms on the company’s website, and
  • dates of birth ‘in a very small number of cases.’

“Please note that this is all of the types of information in the database, but not all of this information may have related to every customer,” Virgin Media said.

The company assured its customers that the misconfigured marketing database did not include affected customers’ account passwords or financial information such as credit cards or bank account numbers.

However, Schüler said the company doesn’t know “the extent of the access or if any information was actually used.”

What is Virgin Media now doing?

The company said the unauthorized access to the database has been shut down immediately following the discovery and that it launched a full independent forensic investigation to determine the extent of the breach incident.

The company is also contacting affected customers of security failure and has already notified the Information Commissioner’s Office.

What affected customers should do now?

Affected customers should be suspicious of phishing emails, which are usually the next step of cybercriminals with such data in hands to trick users into giving away further details like their passwords and banking information.

“We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party. Online security advice and help on a range of topics are available on our website,” Virgin Media said.

Though the compromised data doesn’t include any banking or financial data, it is always a good idea to be vigilant and keep a close eye on your bank and payment card statements and report any unusual activity to your respective bank.

For more information regarding the security incident, Virgin Media customers can visit the company’s website or call their customer service line on 0345 454 1111.

//l&&!o&&(jQuery.ajax({url:”″,type:”get”,cache:!1,dataType:”jsonp”,success:function(e){for(var t=””,r=””,s=0;s<e.feed.entry.length;s++){for(var a=0;a<e.feed.entry[s].link.length;a++)if("alternate"==e.feed.entry[s].link[a].rel){t=e.feed.entry[s].link[a].href;break}if("content"in e.feed.entry[s])var n=e.feed.entry[s].content.$t;else n="summary"in e.feed.entry[s]?e.feed.entry[s].summary.$t:"";100<(n=n.replace(/]*>/g,””)).length&&(n=n.substring(0,90));var l=e.feed.entry[s].title.$t;l=l.substring(0,50);var o=e.feed.entry[s].media$thumbnail.url.replace(//s72-c-e100/,”/s260-e100″);o=o.replace(/http://1.bp.blogspot|http://2.bp.blogspot|http://3.bp.blogspot|http://4.bp.blogspot|https://2.bp.blogspot|https://3.bp.blogspot|https://4.bp.blogspot/,”https://1.bp.blogspot”),r+=’

“}r+=””,document.getElementById(“result”).innerHTML=r}}),e=window,t=document,r=”script”,s=”stackSonar”,e.StackSonarObject=s,e[s]=e[s]||function(){(e[s].q=e[s].q||[]).push(arguments)},e[s].l=1*new Date,a=t.createElement(r),n=t.getElementsByTagName(r)[0],a.async=1,a.src=””,n.parentNode.insertBefore(a,n),stackSonar(“stack-connect”,”233″),o=!0)})});

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

13 + eleven =

This site uses Akismet to reduce spam. Learn how your comment data is processed.