Virgin Media, the UK telecommunications and cable television operator, has suffered an infringement that has resulted in unauthorized access to customer data, which has been reported to have linked some subscribers to content related to porn, gambling and extreme violence.
Virgin Media said in a post that unauthorized access to a marketing database included "limited contact information such as names, home and email addresses, and phone numbers" for approximately 900,000 subscribers. The company continued that the injured database contained no passwords or financial information.
Although Virgin Media characterized the data being accessed as limited contact information, the Financial Times and the BBC reported that the compromised database also contained details from around 1,100 customers who used an online form to block or unblock certain To request websites. Some of these websites offered content with porn, gambling and extreme videos.
"The Financial Times records show the website that has been blocked or unblocked, and are linked to customer names and contact information," the Friday FT article said. "In some cases, parents have asked that pornographic websites be blocked to protect children and other users who ask Virgin Media to allow access to niche websites for adults."
The availability of customer data opens the 900,000 customers affected to spear phishing attacks, in which fraudsters and malware attackers address a target by name or adapt the content of the email to the personal data of the target. Attackers often make the emails appear to the company that violates the data, in this case Virgin Media.
Even worse, unauthorized access to sensitive data opens up a large number of 1,100 other affected customers to extortion programs, much like the devastating hack by Ashley Madison in 2015, a website where Trysts were organized for fraudsters of their spouses and romantic partners Emails threatened to disclose confidential information unless subscribers paid a fee. Five years later, extortion requests continue to come.
Virgin Media said the violation was the result of an incorrectly configured database. Referring to an email to affected customers, the registry reported that the database had been unsecured since at least last April. Virgin Media said that unauthorized access was neither a violation nor a hack, but "a result of incorrect database configuration."
However, among security practitioners, the generally accepted definition of data breach is "a security incident in which sensitive, protected, or confidential information is copied, transmitted, viewed, stolen, or used by an unauthorized person". Even the Merriam-Webster dictionary defines violations as "violations or violations of a law, obligation, commitment or standard". I'm sorry, Virgin Media: An infringement happened right here.