Virgin Media has apologised to customers after a database containing personal details of 900,000 people was left unsecured and accessible for 10 months.
The telecoms giant said that the details - which did not include passwords or financial information - had been accessed in at least one location by an unknown user. The marketing database included phone numbers and home and email addresses.
The breach has been reported to the Information Commissioner’s Office.
The company said the marketing database had been “incorrectly configured which allowed unauthorised access”. Once the breach was discovered, access to the database was immediately barred, Virgin Media said.
Lutz Schüler, chief executive of Virgin Media, said: “Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used.
“We are now contacting those affected to inform them of what happened. We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party.”
Marco Essomba, founder, iCyber-Security, said: "This recent breach highlights once again the challenges that Internet Service Providers (ISP) face to protect sensitive customer data. In this case a human error seems to have been the root cause of the configuration error that lead to the breach.
"However, it's surprising that it took Virgin Media ten months to detect and patch the flaw. In simple terms, these types of breaches occur because many organisations still lack adequate monitoring and controls to automatically detect and proactively respond to servers & applications misconfiguration before damage has been caused."
Recent Stories