[BreachExchange] Virgin Media exposes data of 900, 000 users via unprotected marketing database

Destry Winant destry at riskbasedsecurity.com
Fri Mar 6 10:07:14 EST 2020


https://www.zdnet.com/article/virgin-media-exposes-data-of-900000-users-via-unprotected-marketing-database/

Virgin Media, a provider of telephone, television, and internet
services in the UK, disclosed today a data breach that was caused by a
database server left exposed online without a password.

The incident exposed the personal details of approximately 900,000
customers, representing around 15% of the company's entire customer
base.

Exposed data varies by user, but it could contain names, home
addresses, emails, phone numbers, along with technical and product
information.

Virgin Media said the database was used for marketing activities and,
as a result, did not contain sensitive information, such as passwords
or financial details.

The company said it already notified the Information Commissioner's
Office, the UK's data protection watchdog.

In a data breach notification page, Virgin Media is warning customers
that they may be susceptible to phishing attacks.

"Based upon our investigation, Virgin Media does believe that the
database was accessed on at least one occasion but we do not know the
extent of the access or if any information was actually used," Lutz
Schüler, CEO of Virgin Media, said in a press release.

A Secure File Sharing and Storage Solution That Employees Love and IT
Admins Trust. Get Business-Grade Security With Hassle-Free Management
With Powerful Admin Console.

In an interview with the Financial Times, which first broke the story,
Schüler said they don't have any evidence that the stolen data was
abused in any way.

The company said it's now contacting each of the impacted users to
notify them about the incident.

Virgin Media is the second telco to disclose a data breach in the last
24 hours. Yesterday, T-Mobile US disclosed a security breach that
exposed the staff and customers' personal information.


More information about the BreachExchange mailing list