Experts Insight On News: Virgin Media Data Breach Affects 900,000 People

As reported by BBC News, a Virgin Media database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months, the company has admitted. The information was accessed “on at least one occasion” by an unknown user. The database, which was for marketing purposes, contained phone numbers, home and email addresses. It did not include passwords or financial details. The breach was not due to a hack or a criminal attack, but because the database had been “incorrectly configured” by a member of staff not following the correct procedures, Virgin Media said.


EXPERTS COMMENTS
Robert Capps, VP ,  NuData Security
March 09, 2020
This is helping render much of this stolen data valueless, as it is not enough for bad actors to succeed in their schemes.
Dark web data brokers are hard at work scraping up any piece of data exposed or breached. With each ounce of information, cybercriminals are putting the pieces of a consumer’s identity together to create a full data profile of an innocent consumer. Cybercriminals use these real consumer identity profiles to open lines of credit, or take over online accounts to fraudulently secure goods and servi ....
[Read More >>]
Stuart Reed, VP ,  Nominet
March 06, 2020
Monitoring at the DNS level can also provide insights into where data is being exposed to the web and what might be leaving your network.
Despite repeated high profile cases of companies failing to secure their servers properly this is clearly still a widespread problem. While Virgin Media didn’t store any passwords in the database it did contain customer contact information which can still be used by criminals to aid their phishing campaigns. What is troubling is that it is unknown how much, if any, information was accessed durin ....
[Read More >>]
Marco Essomba, Founder,  iCyber-Security
March 06, 2020
Network & security managers, as well as infosecurity executives, must have the right cyber risk management and reporting tools.
This recent breach highlights once again the challenges that Internet Service Providers (ISP) face to protect sensitive customer data. In this case a human error seems to have been the root cause of the configuration error that lead to the breach. However, it's surprising that it took Virgin Media ten months to detect and patch the flaw. In simple terms, these types of breaches occur because many ....
[Read More >>]
Brian Higgins, Security Specialist,  Comparitech.com
March 06, 2020
Don’t help criminals make a bad situation even worse.
The moment a breach like this is made public is the most dangerous time for any customers of the business that fell victim. Criminal organisations will take full advantage of the fear and vulnerability it generates in the whole consumer community. It is absolutely vital that Virgin Media customers do not engage with, or respond to, any unsolicited communication from anyone claiming to be from Virg ....
[Read More >>]
Martin Jartelius, CSO ,  Outpost24
March 06, 2020
Overall, this is just one more of the open exposed databases leading to breaches we are seeing lately.
It is important to note here is that this is more like a phone-book lost, than a breach affecting passwords or credentials. It can be used by attackers to tie a real name to your email, but for the end users the leak as an incident is of less importance. It is good to see that Virgin is working with informing authorities as well as the affected customers. Overall, this is just one more of the open ....
[Read More >>]
Peter Draper, Technical Director, EMEA,  Gurucul
March 06, 2020
Please - if you run any services that collects customer data, have your teams double and triple check that they are secured correctly.
This data breach is wholly down to human error which is one of the biggest threats facing organisations today. The incorrectly configured data is an example of a sole employee not following the correct procedures and exposed hundreds of thousands of personal details of customers. The risk associated with incorrectly configured databases have been highlighted many times. The content of the databa ....
[Read More >>]
Stuart Sharp, VP of Solution Engineering,  OneLogin
March 06, 2020
Misconfiguration is a term used really to hide the fact baseline controls haven’t been put in place like privileged user access controls.
We are still seeing service providers failing to follow fundamental best practices to secure their customers’ data. The fact the data was accessed without the need for advanced hacking techniques using a misconfiguration that was in place for 10 months highlights how important it is to carry out regular security reviews of systems holding sensitive data, and to put in place access control monito ....
[Read More >>]
Javvad Malik, Security Awareness Advocate,  KnowBe4
March 06, 2020
While cloud platforms bring many benefits, there are different kinds of risks that present themselves.
Not a week seems to go by without a cloud database being left publicly accessible. While this one didn't contain passwords, there was enough personally identifiable information to make it a significant breach. While cloud platforms bring many benefits, there are different kinds of risks that present themselves. So it's important that staff are fully trained with the new technologies and are awa ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
March 06, 2020
Coupled up with Virgin’s broadband outage in the week, this could be a particularly good target for malicious actors to prey on.
Leaving data insecure should seriously be a thing of the past, yet this just highlights that major companies are still unaware of exactly where their data is and how vulnerable it may be to cyber attacks. Whilst no passwords or bank details were under any risk of compromise, this is still enough for a cyber criminal to take advantage of. Usually, the next step for attackers will be to follow up ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article