Skip to main content

Virgin Media breach disclosed details about adult content and gambling habits

British telecom provider Virgin Media experienced a data breach that allowed unauthorized access to highly personal information about hundreds of customers.

“We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorized access,” Lutz Schüler, CEO of Virgin Media said in a statement. “We immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed-line customers representing approximately 15% of that customer base. Protecting our customers’ data is a top priority and we sincerely apologize.”

Related Videos

Schüler went on to say that the database which was accessed did not include passwords or financial information such as credit card numbers or bank account numbers. However, it did contain names, addresses, email addresses, and phone numbers.

Virgin Media also confirmed that the database was accessed by unauthorized parties at least once. The company said it would contact affected customers and give them more information.

Virgin Media behaved “disingenuously”

The compromised data may not have included financial information, but it did include plenty of data that customers would have wanted to keep private. As reported by the BBC, the information included details on 1,100 customers who had requested specific websites to be blocked or unblocked, including sites dedicated to gambling, violence, and adult content.

This information could not only be embarrassing to customers but could also be used by cybercriminals to extort money, security experts warned.

The security firm that discovered the breach, TurgenSec, said in a statement that Virgin Media’s description of the breach including only “limited contact information” was “understating the matter potentially to the point of being disingenuous.”

The researchers went on to recommend “that all customers affected by this breach immediately issue a GDPR request to Virgin Media to identify exactly what information has been breached, and what information the company continues to hold on them,” as “[t]he limited information issued by Virgin Media, in our opinion, does not adequately cover the extent of this.”

“It is upsetting to see that even in a post-GDPR world, companies are still not living up to the intended spirit of the law,” the firm said. “Companies like to downplay the impacts whilst upselling their supposed care and due diligence in an attempt to place shareholder value over their customer’s rights.”

Editors' Recommendations

Hack involved the data of a nation’s entire population
A depiction of a hacker breaking into a system via the use of code.

Hackers are well known to nab customer data held by companies, but obtaining the personal data of pretty much all of the residents of a single nation in one fell swoop takes the nefarious practice to a whole new level.

The remarkable feat was allegedly performed by a 25-year-old Dutch hacker who, when arrested by police, had in his possession personal data linked to pretty much every resident of Austria -- about nine million people.

Read more
Hackers dug deep in the massive LastPass security breach
The LastPass logo appears in front of a menacing hooded figure.

The cybersecurity breach that LastPass owner GoTo reported in November 2022 keeps getting worse as new details are revealed, calling into question the company's transparency on this serious issue.

It has been two months since GoTo shared the alarming news that hackers stole the usernames, passwords, email addresses, phone numbers, IP addresses, and even billing information of LastPass users. In GoTo's latest blog update, the company reported that several of its other products were compromised as well.

Read more
If you use PayPal, your personal data may have been compromised
A person holds a mobile phone with the PayPal app open.

PayPal has recently suffered a massive data breach, and if you were one of the affected users, your details may have been leaked. Given the nature of a PayPal account, the exposed data includes some of the most sensitive information, which could put those users at risk of identity theft.

The company is taking steps to protect the accounts from further damage. Here's what we know about what happened and how to protect yourself.

Read more