Virgin Media has publicly apologised after a data breach resulted in personal and private customer data being unsecured and therefore accessible to hackers for 10 months.
Since April, 2019, information from 900,000 people was accessible via a Virgin Media database. The company has stated that the database did not contain any financial information or passwords from customers, but that it had been accessed once in those ten months by an unknown user.
Lutz Schüler, chief executive of Virgin Media said, "We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access. We immediately solved the issue by shutting down access."
Almost all of those affected were Virgin customers with TV or fixed-line telephone accounts. The database also included some Virgin Mobile customers as well as friends referred to the company via customers using promotions.
The company has launched an investigation and informed the Information Commissioners Office, as is required.
How do I know I have been affected?
"Protecting our customers' data is a top priority and we sincerely apologise," said Mr Schüler. Virgin announced it contacted all affected customers on Thursday.
He added, "Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used."
The letter sent to affected customers read, "We are very sorry to inform you that we recently became aware that some of your personal information, stored on one of our databases has been accessed without permission."
It further explained that the information on the database was mainly for marketing and promotional material, but did include names, home and email address, and phone numbers.
The company then urged customers to change passwords and ensure they use different passwords across their online accounts.
Was Virgin hacked?
Technically, Virgin has not been hacked but had it been then this database would have provided a lot of information for cyber criminals. Human error is the main culprit for the exposed data.
Hackers can use information to conduct "phishing expeditions" where they reach out to you via email in the guise of another company and ask you for financial information.
Therefore it is important never to hand out financial information or passwords to anyone via email or over the phone, especially if you do not recognise the source.
Telecoms expert at Uswitch.com, Ernest Doku, said, "Almost a million Virgin Media customers will be rightly concerned to learn that their personal data has been accessible and unsecure since last summer. Ten months is a long time for information useful to scammers, like phone numbers and email addresses, to be left available online.
“While it’s fortunate that only one ‘unknown user’ accessed the information in that time, it only takes one person to sell that information to cyber-criminals."
If you are a Virgin customer and you are concerned about this data breach, you can visit the company's website for more information or call their customer service line on 0345 454 1111.