Virgin Media has apologised to customers after admitting that a database containing personal details of more than 900,000 of its customers was left accessible for 10 months.
The company assured customers that no passwords or financial information were made available, but the database did include names, home and email addresses and phone numbers.
No hack has taken place, but a mistake by a staff member who failed to follow correct company procedures meant the database was “incorrectly configured”, leaving it open.
The company released a statement this week, saying: “We recently became aware that some personal information, stored on one of our databases has been accessed without permission.
“This included: contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website.
“In a very small number of cases, it included the date of birth. Please note that this is all of the types of information in the database, but not all of this information may have related to every customer. To reassure you, the database did NOT include any passwords or financial details, such as bank account number or credit card information.”
- IoT Scotland Extends its network connectivity to the Scottish Borders
- Carnival cruise lines announces cyber attack on its systems
- Watchdog claims one billion Android devices at risk of cyberattacks
The database was used to manage information about Virgin’s existing and potential customers concerning the company’s marketing activities.
“We take our responsibility to protect personal information seriously. We know what happened, why it happened and as soon as we became aware, we immediately shut down access to the database and launched a full independent forensic investigation,” Virgin said.
The company stated that the investigation into the incident is ongoing, and that affected customers had been contacted and informed of what their next steps should be.
Virgin Media also said they immediately informed the Information Commissioner’s once the breach had been discovered.