An unsecured Virgin Media marketing database exposed contact information for almost 1 million people, the company said Thursday.
Graphic by Pixabay/Illustration by CNET
Virgin Media left contact information for 900,000 people exposed on an improperly configured marketing database, the company said in a statement Thursday. The exposed data was accessed by outside actors at least once, the company said, and is now properly secured.
The phone numbers, addresses and emails for "customers and potential customers" were on the database, according to UK-based Virgin Media. The data didn't include any financial information or login credentials. The database was accessible for about 10 months, from April 2019 through February 2020. Virgin Media is contacting affected people directly to let them know their data was included in the exposure.
"We have strict security processes and policies in place but, in this instance, we fell short of our usual standards," the company said in a statement.
The database joins the countless insecure caches of personal data exposed on the internet every day. As companies transition data to cloud servers, they frequently fail to use password protection or use encryption tools that keep random internet users from accessing the data simply by entering the correct IP address into their web browser.
A cottage industry of researchers seek out the exposures and try to get companies to fix them. Virgin Media didn't confirm whether it owned the server that was storing the information, or how it initially learned of the exposure.
The exposure puts victims at risk of phishing attacks, in which scammers might contact them by phone or email and try to get them to reveal even more personal information. Virgin Media said in an announcement of the exposure it will never or email call customers to ask for banking details.
"We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party," Virgin Media CEO Lutz Schüler said in a statement. In a note to affected users, the company suggested visiting the UK Information Commissioner Office's website on avoiding identity theft, and other resources for protecting yourself from phishing attacks.
Comments Hacking Privacy Notification on Notification off Security