Virgin Media, a provider of telephone, television, and internet services in the UK, disclosed today a data breach that was caused by a database server left exposed online without a password.
The data breach exposed the personal information of approximately 900,000 customers (names, home, and email addresses and phone numbers).
Virgin Media said the incident was neither a cyber attack nor the company’s database was hacked; rather the personal details of Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet and accessible to anyone without requiring any authentication.
“The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack, but as a result of the database being incorrectly configured,” the company said in a data breach notification page.
The company discovered the security breach on February 28, 2020, it determined that the database was accessible from at least April 19, 2019. According to an ongoing investigation, the database was recently accessed by an unauthorized party at least on one occasion. The company doesn’t know “the extent of the access or if any information was actually used.”
Lutz Schüler, CEO of Virgin Media, said in a press release that the company “immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed-line customers representing approximately 15% of that customer base.”
“The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home, and email addresses and phone numbers,” he added.
- contact details (such as name, home and email addresses, and phone numbers)
- technical and product information
- customers’ dates of birth (in a very small number of cases)
“Please note that this is all of the types of information in the database, but not all of this information may have related to every customer,” Virgin Media says.
Virgin Media is contacting the impacted customers to notify them about the incident.