Virgin Media data breach gave away addresses along with other data
Another week another data breach somewhere, but the latest breach affecting some 900,000 customers/visitors to the Virgin Media website may have given scammers lots of ammunition for future scams and potentially cause embarassement for those requesting unblocking of gambling or adult content sites.
The full Virgin Media statement is on their website.
The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home and email addresses and phone numbers. Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion but we do not know the extent of the access or if any information was actually used.Lutz Schüler, CEO of Virgin Media
The news emerged into the public eye on 5th March, with Turgensec who had alerted Virgin Media to the exposed database issuing their own statement on Friday 6th March.
The Turgensec statement includes the full list of fields and while things like addresses are easy to find, it is how scammers will be able to put together this data along with info from other breaches to make attempts to scam individuals even more convincing.
The most immediate concern will be those who may have used the Virgin Media site to get sites blocked or enabled on their account. The blocks cover things like gambling sites and pornography which when combined with the link to an address becomes a very personal affair.
One other concern that seems to be a possibilty is that with account numbers and the other detail leaked it may prove possible for people to via a telephone call to Virgin Media to get the company to reset account passwords locking people out, or use the account information to order mobile phones to third party addresses. The ordering of mobile phones to people who are not expecting one is a relatively common scam, the scam being the scammer knows a phone has been delivered they will impersonate the returns people to retrieve the phone, never revealing their real address.