A breach of Virgin Media’s database has exposed customers’ contact details to porn, gambling, and shock sites. The UK company revealed on Thursday that personal information from 900,000 customers was available online from 29 April 2019 to 28 February 2020 and was accessed at least once by an unknown person. It also said the breach had occurred due to an incorrectly configured marketing database, which it blamed on a negligent staff member.
Speaking at a press conference CEO Lutz Schuler urged customers to remain calm and said that the data was not stolen. "There is no evidence that the data taken has been used in the wrong way. We want to avoid any panic".
The company said that the information in the database did contain logins and passwords or financial details noting that only limited contact information was available.
However, cybersecurity firm TurgenSec, which uncovered the incident, claims that the exposed data was sensitive. The information included names, emails, addresses, phone numbers, and details of customers’ contracts. It also included requests to unlock access to pornographic and violence-related websites.
TurgenSec said this data could be used by hackers and cybercriminals in order to extort money from Virgin Media customers. "Stating to their customers that there was only a breach 'of limited contact information' is from our perspective understating the matter potentially to the point of being disingenuous", TurgenSec’s spokesman told the BBC.
Virgin Media strongly refuted the claim. The company has apologised for the breach and stressed that protecting its customers is its "top priority".
