The misconfigured database was accessed by an unauthorized party on at least one occasion

Virgin Media has disclosed a data leak that exposed the personal information of around 900,000 people. The incident, which impacted around 15% of the British company’s fixed-line customer base, originated from a misconfigured database that was used for marketing purposes.

“The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home and email addresses and phone numbers,” the company’s CEO Lutz Schüler said in a press statement.

Importantly, the telco company’s own investigation found that the database had been accessed by an unknown party at least once. The company is not sure about the extent of the access, nor if the information was misused in any way.

According to an email sent out to customers and quoted by The Register, the database was left unsecured from at least April 19th, 2019. Once the company became aware of the leak, it immediately shut down the database. It followed up by issuing an apology and by informing all affected customers about the type of information that was exposed.

The aftermath

Since the leaked information contained email addresses and other contact information, the company urges its customers to watch out for phishing campaigns.

If you receive an email from an unverified source, you should avoid clicking on it at all costs, as well as refrain from clicking on any suspicious links – this advice applies regardless of whether you’re the company’s customer or not. You can test yourself to see if you’d be able to spot a phishing scam.

In response to the leak, Virgin Media also launched a data-incident help page where it lists details regarding the incident and adds recommendations on what to do. The company also contacted the Information Commissioner’s Office, the UK’s regulatory body dealing with data protection, about the incident.

Data leaks originating from misconfigured databases and public-facing repositories are not a rare occurrence Recent leaks exposed plastic surgery photos of thousands of people and 250 million customer support records belonging to Microsoft.