Monday, November 18, 2024
Latest:
The Register 

Like a Virgin, hacked for the very first time… UK broadband ISP spills 900,000 punters’ records into wrong hands from insecure database

TH Author

Virgin Media, one of the UK’s biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers’ personal information onto the internet via a poorly secured database.

The cableco said it “incorrectly configured” a storage system so that at least one miscreant was able to access it and potentially siphon off customer records. The now-secured marketing database – containing names, home and email addresses, and phone numbers, and some dates of birth, plus other info – had been left open since mid-April 2019.

Crucially, the information “was accessed on at least one occasion but we do not know the extent of the access,” Virgin Media’s CEO Lutz Schüler said in a statement this evening. Said access, we speculate, could have been from an automated bot scanning the internet, or someone prowling around looking for open gear; at this stage, we don’t know.

pupil told off, gets cross with teacher

EE, Virgin Media hit with £13.3m fine: Squeezing users for fees for early contract termination not OK

READ MORE

In a separate email to subscribers, shared with El Reg by dozens of readers, the telco expanded: “The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth.”

The storage box, we understand, not only contained Virgin Media broadband and fixed-line subscriber records – some 15 per cent of that total customer base – but also info on some cellular users. If a punter referred a friend to Virgin Media, that pal’s details may be in the silo, too.

“Given the nature of the information involved, there is a risk you might be targeted for phishing attempts, fraud or nuisance marketing communications,” customers were told.

Below is the letter in full to Virgin Media punters:

If there is any good news to be had, it is that the database did not include any payment information nor passwords. As you can see above, Virgin Media said it has informed the UK’s privacy watchdog, and brought in an outside investigator to look into the blunder. ®

Sponsored: Quit your addiction to storage

READ MORE HERE