Virgin Media has contacted customers with news of a data breach. A database containing details of 900,000 people was left unsecured and accessible online for 10 months.
The email to customers read:
We are very sorry to have to inform you that we recently became aware that some of your personal information, stored on one of our databases has been accessed without permission. Our investigation is ongoing but we currently understand that the database was accessible from at least 19 April 2019 and that the information has been recently accessed.
To reassure you, the database did NOT include any of your passwords or financial details, such as bank account number or credit card information.
The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth. Please note that this is all of the types of information in the database, but not all of this information may have related to you.
We take our responsibility to protect your personal information seriously. We know what happened, why it happened and as soon as we became aware we immediately shut down access to the database and launched a full independent forensic investigation. We have also informed the Information Commissioner’s Office.
Given the nature of the information involved, there is a risk you might be targeted for phishing attempts, fraud or nuisance marketing communications. We understand that you will be concerned so we are writing to everybody affected to provide reassurance, guidance and support. We have put all of the latest information on our website https://www.virginmedia.com/help/data-incident, including some advice on how to stay safe online, such as:
• Advice from the Information Commissioner’s Office on how you can avoid or report nuisance marketing calls, emails and texts (https://ico.org.uk/)
• How to be vigilant by not providing your personal information to anyone suspicious online, by phone, email or text. If you want more information, you can get it here https://www.getsafeonline.org/protecting-yourself/spam-and-scam-email/
• How you can protect yourself from the risk of identity theft (which is when someone uses someone else’s personal information to obtain goods, services or money without permission) and other types of fraud. The Information Commissioner’s Office has information online here https://ico.org.uk/your-data-matters/identity-theft/
Although no financial, banking details or account passwords were accessed, it is always a good idea to make sure that your passwords are strong and not easy to guess. There is some advice here on how to set a strong password https://www.virginmedia.com/help/how-to-create-a-strong-password.
If having read this email and visited our website you still have questions, you can contact us on 0800 052 2621, but please be aware our customer service advisors do not have any further information at this stage.
Once again, we sincerely apologise for what has happened.
CEO, Virgin Media
While it’s fortunate that passwords and bank details were not accessed there is still a lot of information for scammers to work with.
As per Virgin’s advice, you should check and change your passwords, ideally manage passwords using a password manager such as LastPass.