Skip to main content

Virgin Media breach disclosed details about adult content and gambling habits

British telecom provider Virgin Media experienced a data breach that allowed unauthorized access to highly personal information about hundreds of customers.

“We recently became aware that one of our marketing databases was incorrectly configured which allowed unauthorized access,” Lutz Schüler, CEO of Virgin Media said in a statement. “We immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed-line customers representing approximately 15% of that customer base. Protecting our customers’ data is a top priority and we sincerely apologize.”

Schüler went on to say that the database which was accessed did not include passwords or financial information such as credit card numbers or bank account numbers. However, it did contain names, addresses, email addresses, and phone numbers.

Virgin Media also confirmed that the database was accessed by unauthorized parties at least once. The company said it would contact affected customers and give them more information.

Virgin Media behaved “disingenuously”

The compromised data may not have included financial information, but it did include plenty of data that customers would have wanted to keep private. As reported by the BBC, the information included details on 1,100 customers who had requested specific websites to be blocked or unblocked, including sites dedicated to gambling, violence, and adult content.

This information could not only be embarrassing to customers but could also be used by cybercriminals to extort money, security experts warned.

The security firm that discovered the breach, TurgenSec, said in a statement that Virgin Media’s description of the breach including only “limited contact information” was “understating the matter potentially to the point of being disingenuous.”

The researchers went on to recommend “that all customers affected by this breach immediately issue a GDPR request to Virgin Media to identify exactly what information has been breached, and what information the company continues to hold on them,” as “[t]he limited information issued by Virgin Media, in our opinion, does not adequately cover the extent of this.”

“It is upsetting to see that even in a post-GDPR world, companies are still not living up to the intended spirit of the law,” the firm said. “Companies like to downplay the impacts whilst upselling their supposed care and due diligence in an attempt to place shareholder value over their customer’s rights.”

Editors' Recommendations

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
OnePlus customer data stolen in second data breach in two years
oneplus 7t macro lens iphone 11 lacks cameras

Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.

This comes less than two years after up to 40,000 customers' private information was stolen from OnePlus, leading to credit card fraud using customers' details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.

Read more
British Airways hit with a massive fine for 2018 data breach
british airways cabin crew given ipads

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

Read more
Lawsuit alleges Apple disclosed information about iTunes purchases
hands on itunes radio cant out dj pandora but it sure does look pretty main

Apple may promote itself as a privacy-focused company, but a new lawsuit alleges that it sells off personal data regarding iTunes purchases.

The lawsuit was brought by three iTunes customers from Rhode Island and Michigan to federal court in San Fransisco on Friday, according to Bloomberg. The three customers are filing on behalf of all the iTunes customers whose information could have been sold or shared without their consent.

Read more