Virgin Media data breach affects 900,000 customers in the UK

6 Mar 2020

Image: © sharafmaksumov/

Virgin Media said a database in the UK had been accessed on ‘at least one occasion’, and the company is informing any affected customers.

Virgin Media has apologised after a data breach left the personal details of around 900,000 customers in the UK unsecured and accessible.

The UK company, which provides telephone, television and internet services, said that the breach occurred after one of its marketing databases was “incorrectly configured”, which allowed unauthorised access.

It assured those affected by the breach that the database “did not include any passwords or financial details”, but said it contained information such as names, home and email addresses, and phone numbers.

Virgin Media Ireland has confirmed that its customers in Ireland were not impacted by the breach.

Virgin Media Ireland said: “Virgin Media takes the privacy and data protection of each of our customers very seriously. The data privacy matter currently being reported in the UK press does not impact Virgin Media Ireland in any manner whatsoever.”

‘Shut down immediately’

Virgin Media said that access to the database had been shut down immediately following the discovery but, by that time, the database was accessed “on at least one occasion”.

It added that it was unsure the extent of the access or if any information was actually used. It has been reported that the database has been unsecured since April 2019.

In a statement, the company said: “We recently became aware that one of our marketing databases was incorrectly configured, which allowed unauthorised access.

“We immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed line customers representing approximately 15pc of that customer base. Protecting our customers’ data is a top priority and we sincerely apologise.”

Accessed on at least one occasion

Virgin Media added: “The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home and email addresses and phone numbers.

“Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used.

“We are now contacting those affected to inform them of what happened. We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party.”

Adam French, Which? consumer rights expert, said: “This data breach has exposed the data of almost a million Virgin Media customers and whilst no financial details or passwords were included, those customers are likely to be worried.

“It is vital that Virgin Media continues to provide clear information on what has happened.

“For anyone concerned they could be affected – it’s good practice to update your password after a data breach. Also, be wary of emails regarding the breach, as scammers may try and take advantage of it.”

Virgin Media said that online security advice and help on a range of topics is available to customers on its website.

– PA Media

Updated, 1.54pm, 6 March 2020: This article has been updated to clarify that the data breach did not affect customers of Virgin Media Ireland.