Virgin Media database breach exposes details of 900,000 customers

Telecoms company Virgin Media has issued help and advice to its customers after revealing that details of 900,000 people on its database were left exposed.

It was not a cyberattack or a hack, according to a statement from the business issued late on Thursday (5 March), but it said “some personal information, stored on one of our databases has been accessed without permission”.

Virgin Media said the database was used to manage information about its existing and potential customers, in relation to some of the organisation’s marketing activities. Details included people’s names, home and email addresses, and phone numbers, as well as technical and product information such as requests that consumers may have made using forms on the Virgin Media website.

In what the company described as a “very small number of cases”, some people’s birthdates were exposed. The database did not include any passwords or financial details.

An investigation into what happened is now underway, and Virgin Media has contacted affected customers and the Information Commissioner’s Office.

Lutz Schüler, CEO of Virgin Media, commented: “We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access.

“We immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed line customers representing approximately 15% of that customer base. Protecting our customers’ data is a top priority and we sincerely apologise.”

He added that the investigation so far suggests the database was accessed on at least one occasion but the company does not yet know the extent of the access or if any information was actually used.

“We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party,” he said.

In January, foreign exchange company Travelex took its systems offline after detecting a cyberattack on New Year’s Eve 2019. Its parent company, Finablr, announced this week that Travelex has now completed a phased programme to restore all of its customer-facing platforms after the ransomware attack known as Sodinokibi, or REvil, but said first-quarter EBITDA will be down by around £25 million year on year.

The drop in profit is predominantly a result of the cyberattack but also due to the impact Covid-19 has had on travel restrictions in recent months.