Virgin Media data breach leaves 900,000 customers exposed

6 March 2020

The company says that the data for customers was left unsecure online for 10 months


Virgin Media has apologised for a data breach that has seen the details of 900,000 customers accessed.

The database did not include passwords or financial details. However, it did contain limited contact information such as names, home and email addresses and phone numbers.

The database was accessed on at least one occasion, but Virgin Media does not know the extent of the access or if any information was actually used.

The breach occurred because one of its marketing databases was “incorrectly configured” which allowed unauthorised access.

Access to this database, which has been left unsecured since April 2019, was immediately shut down.

Virgin says it has contacted all affected customers and has informed the Information Commissioner’s Office.

A Virgin spokesperson says in a statement: “Our investigation is ongoing and we have contacted affected customers and the Information Commissioner’s Office.

“We take our responsibility to protect personal information seriously. We know what happened, why it happened and as soon as we became aware we immediately shut down access to the database and launched a full independent forensic investigation.”

Virgin has warned customer about the risks of identity theft and phishing. It says that if anyone has been a victim of identity theft they should contact Action Fraud.

Ernest Doku, telecoms expert at, says: “Almost a million Virgin Media customers will be rightly concerned to learn that their personal data has been accessible and unsecure since last summer.

“10 months is a long time for information useful to scammers, like phone numbers and email addresses, to be left available online.

“While it’s fortunate that only one ‘unknown user’ accessed the information in that time, it only takes one person to sell that information to cyber-criminals.

“Virgin Media will undoubtedly review its policies to make sure that this doesn’t happen again, and reassure its customers that their data is safe.

“If you have been affected by this data breach, be wary of any emails from unexpected sources, and never click on any links in messages that you aren’t 100% confident about.”

How to protect yourself from phishing attacks

Scammers use emails and text messages to trick you into giving out your information. 

Always question unsolicited requests for your personal or financial information, and never click on the links and attachments in emails or texts you receive out of the blue.

Don’t assume a phone call or email is authentic. Phishing emails or texts will often look like they are from a real company that you know or trust.

Just because someone knows your basic details (such as your name or address), it doesn’t mean they are genuine. Criminals can easily spoof the phone numbers and email addresses of companies you know and trust.

If you have been a victim of a phishing scam you should change all of your passwords immediately. The strongest passwords also contain a mixture of capital and lower-case letters, numbers and symbols.

If you have been a victim of fraud or cyber-crime you can report it to Action Fraud online or by calling 0300 123 2040.


Virgin Data Breach

We should all be comforted by the statement by Virgin Media, not. Yes they might receive a large fine for this however the real people, us who suffer as a result of their negligence are not compensated for our loss. In fact they will raise their costs to cover such fines so we pay for their own breach. Disgusting.

10 Months is a very long time!

I am one of the affected customers and am appalled that my details were laid open for unsolicited use for a whole 10 months. Why wasn't this noticed before? I am really unsure about remaining a customer of Virgin Media.

Virgin Media Data Breach

Let's hope that the Information Commissioner punishes Virgin Media with a suitably hefty fine for their incompetence. That is the only way to convince these 'rip off' merchants to get their house in order.

Why aren't Virgin Media Supporting Effected Customers

Having been effected, I called Virgin Media. Customer Services repeatedly apologised but said they weren't putting other safeguards in for effected customers other than they'd closed the breach. I need to report any phishing emails rather than VM providing additional filtering. How is it that any energy company with a data breach several years ago paid for 12 months protection, yet Virgin Media as a communication company do nothing?

I actually got a feedback survey asking how likely I was to recommend the company!

Add new comment