A huge chunk of Virgin Media’s marketing database was exposed online for a 10 month period. And according to the company, at least one person has snooped on all that juicy info. This is massive breach could see Virgin slapped with the maximum GDPR fine.
In a slightly panicked statement, Virgin did its best to reassure customers that no passwords or financial details were listed in the exposed information. The only thing that could potentially have been swiped are the names, phone numbers, emails, and addresses of customers. So while you won’t see any strange activity in your bank account, you might have to brace yourself for a slew of phishing emails and cold calls.
Related: Best Wi-Fi extenders
Issuing a statement after the incident, Lutz Schüler, CEO of Virgin Media said: “We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorised access. We immediately solved the issue by shutting down access to this database…”
The information was accidentally exposed, rather than actively hacked, but Virgin still says that it suspects the data stash has been accessed at least once by an unidentified individual. At this stage, no-one knows the extent of that access, or if this individual has plans to use the data for dark and evil purposes.
Virgin seems keen to underline the fact that the breach was caused by insufficient protection, and definitely not a hack. But the fact that it’s down to human negligence doesn’t make the situation any better.
Related: Best VPNs for 2020
The company has reported itself to the Information Commissioner’s Office – which it has to, by law – and it may well see a fine coming its way.
According to Jonathan Compton, partner at DMH Stallard, that fine could be fairly hefty: “The maximum under the 1998 Act for data transgressions during the period that that Act was in force was £500,000. Under the new Act, the penalties rise to Euro 20m or 4% of global turnover, whichever is the greater. Fines towards the maximum of the applicable Act are likely. This was a serious breach, over a long period, affecting nearly 1m people.”
Virgin says it is in the process of getting in touch with everyone who has been affected by the breach.