Virgin Media data breach 'links customers to porn'

(Image credit: Shutterstock.com / Jevanto Productions)

Virgin Media has reported a data breach affecting 900,000 customers, caused by a failure to secure a marketing database.

The company says the incident was not due to a cyberattack, but rather a misconfigured database which left personal details unsecured and available for anyone to access for 10 months.

The breach compromised sensitive customer information, including phone numbers, email and home addresses, though no financial information was leaked. 

Researchers have also claimed that the information held on the database could link customers to pornography and other explicit websites.

Virgin Media confirmed the database held records of roughly 1,100 customers who had asked for certain sites to be unblocked via an online form.

The company has confirmed the information was accessed “on at least one occasion” by an unauthorised user.

Virgin Media data breach

Virgin Media first became aware of the issue last week, after it was identified by a researcher at security firm TurgenSec.

The majority of those affected were customers with television or landline telephone accounts, though some mobile customers also featured on the database.

The nature of the compromised information means the group is at increased risk of phishing attacks, nuisance calls and identity theft. 

“We recently became aware that one of our marketing databases was incorrectly configured, which allowed unauthorised access. We immediately solved the issue by shutting down access,” Lutz Schüler, CEO of Virgin Media, said in a statement.

“Based upon our investigation, Virgin Media does believe the database was accessed on at least one occasion, but we do not know the extent of the access or if any information was actually used.”

“Protecting our customers’ data is a top priority and we sincerely apologise,” he added.

However, TurgenSec believes the data exposed is more extensive and incriminating than Virgin Media first let on, and could also be used to hold victims to ransom.

"Stating to their customer that there was only a breach of 'limited contact information' is from our perspective understating the matter potentially to the point of being disingenuous," said a TurgenSec researcher.

"These highly sensitive details could be used by cyber-criminals to boost the chances of extorting money from victims."

Virgin Media has informed the Information Commissioner’s Office and alerted the affected individuals via email.

Via BBC

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Man having Windows 11 problems with his laptop
Fed up of adverts creeping into Windows 11? You won’t like Microsoft’s latest update, then, although it does provide some important bug fixes
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers
Google Chromecast 2
Chromecasts are still broken – but Google tells fuming owners not to factory reset their devices
ChatGPT
ChatGPT wants to write your next novel, and readers and writers alike should be very worried
Garmin Instinct 3 next to the Apple Watch Ultra 2
New figures claim the smartwatch market just shrunk for the first time ever, and the Apple Watch Ultra 3 is to blame
Hitman: World of Assassination on PSVR 2.
Hitman: World of Assassination hits PSVR 2 soon, finally giving you a reason to dust off your headset