

Virgin Media has reported a data breach affecting 900,000 customers, caused by a failure to secure a marketing database.

The company says the incident was not due to a cyberattack, but rather a misconfigured database which left personal details unsecured and available for anyone to access online for 10 months.

The breach compromised sensitive customer information, including phone number, email and home addresses, however Virgin Media says that the database contained no financial information or account passwords.

The company has confirmed the information was accessed “on at least one occasion” by an unauthorised user. Virgin Media first became aware of the issue last week, after it was identified by a researcher at security firm TurgenSec.

The majority of those affected were customers with television or landline telephone accounts, though some mobile customers also featured on the database and the nature of the compromised information means the group is at increased risk of phishing attacks, nuisance calls and identity theft.

“We recently became aware that one of our marketing databases was incorrectly configured, which allowed unauthorised access. We immediately solved the issue by shutting down access,” Lutz Schüler, CEO of Virgin Media, said in a statement.

“Based upon our investigation, Virgin Media does believe the database was accessed on at least one occasion, but we do not know the extent of the access or if any information was actually used.”

“Protecting our customers’ data is a top priority and we sincerely apologise,” he added.

The company has informed the Information Commissioner’s Office and alerted the affected individuals via email.