How to secure your company's databases? Contact us for a free consultation at https://www.digitalbankvault.com/
The British ISP, owned by US cable group, Liberty Global, informed customers by email this week that the database of 900,000 users was accessible from at least 19 April 2019. Worse still, it admitted “the information has been recently accessed” by an unknown user.
“The database was used to manage information about our existing and potential customers in relation to some of our marketing activities,” continued the notice, which was sent to Infosecurity by a reader.
“This included: contact details (such as name, home, and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included the date of birth.”
However, no passwords or financial details were exposed in the privacy snafu, Virgin Media claimed.
The data trove was misconfigured by staff, exposing it to the public-facing internet for 10 months. Almost all of those affected had Virgin TV or fixed-line telephone accounts, with a few Virgin Mobile customers also included, according to reports.
The company warned customers that “there is a risk you might be targeted for phishing attempts, fraud or nuisance marketing communications.”
Jonathan Compton, a partner at city law firm DMH Stallard, warned that Virgin Media may be facing a major GDPR fine as a result.
“Fines towards the maximum of the applicable [Data Protection Act 2018] are likely. This was a serious breach, over a long period, affecting nearly one million people,” he added.
“The situation is aggravated by the fact that this was not the result of a hack but the result of negligence.”
Comments