Virgin Media, a provider of telecommunications services, disclosed a data breach in a press release that was caused after a marketing database was incorrectly configured and left online. As a result of that, the personal information of about 900.000 customers has been exposed. This number represents approximately 15% of the company’s entire customer base.
Virgin Media confirmed the breach on the 5th of March and stated that customers’ personal details including customer names, email addresses, technical and product information, and phone numbers have been exposed.
The company also added that the database did not include any financial information like credit card information. However, there is a chance personal data from the database could be used by hackers to carry out phishing attacks, thus it is quite important to be aware of the risks.
Virgin Media said in a statement: “Our investigation is ongoing. We take our responsibility to protect personal information very seriously. We know what happened, why it happened and as soon as we became aware, we solved this issue by shutting down access following the discovery”.
The question arises here is whether or not was Virgin Media hacked? Technically, not. Because a human error seems to have been the root cause of the configuration error that obviously lead to the breach. The company warned its customers that they may be victims of identity theft as a result of the stolen personal information, and advised concerned customers to contact Action Fraud if they think they have been targeted via by phishing attacks, fraud, or nuisance marketing communications.
The company’s customers must not engage with any unrequested communication from anyone claiming to be from Virgin Media. Accidental exposure is actually a common form of a data breach, especially as companies move massive amounts of valuable and sensitive information to cloud computing providers. The result is clear, that a simple misconfiguration can potentially result in supposedly internal data being exposed to the wider internet.
This is not the first time when Virgin Media has suffered a data breach. According to GDPR, companies may be fined up to 4% of their annual revenue when consumers’ privacy rights covered by the law are violated. This also includes when customer information is accessed in a breach.