Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database.

Virgin Media is a leading cable operator in the U.K. and Ireland, and it delivered 14.6 million broadband, video, and fixed-line telephony services to approximately 6.0 million cable customers, as well as mobile services to 3.3 million subscribers at December 31, 2019, according to the company's preliminary Q4 2019 results.

Database exposed for almost a year

According to an ongoing investigation, Virgin Media discovered on February 28, 2020, that the exposed database was accessible from at least April 19, 2019, and it was recently accessed by an unauthorized party at least once although the company doesn't know "the extent of the access or if any information was actually used."

Lutz Schüler, CEO of Virgin Media, said in a press release that the company "immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed-line customers representing approximately 15% of that customer base."

"The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home, and email addresses and phone numbers," he added.

We are now contacting those affected to inform them of what happened. We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party. - Lutz Schüler, CEO of Virgin Media

Exposed customer information

The database was used to store and manage information on existing and potential Virgin Media customers and it included:

• contact details (such as name, home and email addresses, and phone numbers) • technical and product information • customers' dates of birth (in a very small number of cases)

"Please note that this is all of the types of information in the database, but not all of this information may have related to every customer," Virgin Media says.

The company also says that the unsecured database was not used to store customer passwords or financial details, like bank account numbers or credit card information.

Virgin Media advises customers who think that they might have been victims of identity theft to reach out to their bank or credit card company to inform them of any out of ordinary transactions or applications made in their name without their knowledge.

Customers were also warned over e-mail that they might be targeted by phishing attacks, fraud, or nuisance marketing communications.

Earlier today, T-Mobile also announced a data breach caused by an email vendor that got hacked and exposed the personal and financial info of some of its customers.