Data Breach Incident
 

Be aware folks.

I’ve just been informed by Virgin Media that they recently became aware that some of your personal information, stored on one of our databases has been accessed without permission. Our investigation is ongoing but we currently understand that the database was accessible from at least 19 April 2019 and that the information has been recently accessed.

More details can be found here

https://www.virginmedia.com/help/data-incident

Re: Data Breach Incident
 

Just received the email. I did have a marketing call today from someone with a very strong Asian accent but although the caller sounded vague the number 08000521251 does appear to be a legitimate VM number.

Re: Data Breach Incident
 

Got this via email

Re: Data Breach Incident
 

Probably explains why for the last several months i've had an increase of spam emails that seem to have now stopped.

Re: Data Breach Incident
 

Hardly surprising. VM's security practices are a bit lax. The passwords for my VM are still:
That is a hilariously small namespace to brute force and doesn't encourage strong passwords at all.

Re: Data Breach Incident
 

Not had an email so hopefully I am lucky.

Re: Data Breach Incident
 

It’s a complete joke make a secure password as long as it’s 8 to 10 characters and doesn’t contain special characters. I have tweeted them about their lax password before and no response.

Re: Data Breach Incident
 

In the news now; https://www.bbc.co.uk/news/business-51760510

Re: Data Breach Incident
 

Yes same it’s been very annoying

Re: Data Breach Incident
 

https://www.theguardian.com/media/20...y_to_clipboard

A 'marketing' database apparently. Makes even more sense to opt out of all marketing, so your details aren't shared about so much. They should lock a few VM execs up for not to protecting data securely. They'd soon tighten up.

Re: Data Breach Incident
 

Funny thing is I have opted out of marketing From virgin media years ago and still I got an email saying my details were part of a data breach.

Re: Data Breach Incident
 

It's entirely possible that your details were part of a database that contained a "Optin: false" flag.

Re: Data Breach Incident
 

Not had an email but for the last few months my ex-directory VM phone line is getting a cold call at least once a day.

Re: Data Breach Incident
 

Just got the email, bollocks to Virginmedia not happy.

Re: Data Breach Incident
 

Keeping it hidden from the public domain for that period is not good.

Re: Data Breach Incident
 

Does not matter if you are Ex directory or not, the lastest auto dialer systems just ring every number in a range based off the area code and any sub code IE 01942 000001 to 999999.

Re: Data Breach Incident
 

'A customer database left unsecured online by Virgin Media contained details linking some customers to pornography and explicit websites'. mmm?

Re: Data Breach Incident
 

Where does that info come from ?

Re: Data Breach Incident
 

Re: Data Breach Incident
 

Ok so they send us an email warning us about phishing etc, big ****ing deal Virgin, i'd expect some sort of compensation to those affected!

Re: Data Breach Incident
 

l somehow doubt you will get any MM.

Re: Data Breach Incident
 

Take them to court, they haven't protected your data and broken GDPR rules.

They'll be a nice little fine coming their way if nothing else.
https://www.itpro.co.uk/security/dat...wing-data-leak

Re: Data Breach Incident
 

Another one to receive e mail from Virgin!
Does that explain why I got 14calls from Virgin sales last week on my payg mobile.

Re: Data Breach Incident
 

Thanks for that , Mr K, I will be looking into this.

Re: Data Breach Incident
 

Organise a class action. ;)

Re: Data Breach Incident
 

I will be in contact with them in Monday the amount of spam am receiving is shocking and phone call from people staying they’re from virgin mobile but very much doubt that as what thay have said down the phone has been shocking.

Attachment 28238

Re: Data Breach Incident
 

Good, its not their job to force ridiculous passwords on people.

---------- Post added at 22:16 ---------- Previous post was at 22:13 ----------

Compensation for spam ? Good luck with that ;)

I have a spam filter on my e-mail, and a delete button - dont you ?

Re: Data Breach Incident
 

I think it's a bit more than the spam, don't you? Someone has let loose the personal details of customers, they haven't done their job in protecting those customers, so it's a bit more serious than you are making it out to be, if Virgin could be on the end of a £20 million pound fine I'd say that's quite serious, don't you?

Re: Data Breach Incident
 

Nice try, but none of that has anything to do with the statement about passwords.

Your password is your responsibility, no one elses.

Re: Data Breach Incident
 

Not all spam is down to data breaches.

Re: Data Breach Incident
 

Originally Posted by JPAC View Post
'A customer database left unsecured online by Virgin Media contained details linking some customers to pornography and explicit websites'. mmm?

So i ask again where does it say that >

Re: Data Breach Incident
 

Ummm - the first paragraph?

Re: Data Breach Incident
 

Got it, should be interesting :) some maybe worried then

Re: Data Breach Incident
 

Yes, taken from the title of the page and the start of the page in bold copy text.

See how you get on with this one.
https://www.theregister.co.uk/2020/0..._leak_details/

Re: Data Breach Incident
 

From that article.

‘Turgensec urged all Virgin Media customers who received a notice from the broadband provider to file a GDPR request for a full breakdown of what data of theirs was spilled. With 900,000 people affected.’

And,

Virgin Media added it is developing a tool to allow customers to search exactly what of their account information was exposed. ®

Re: Data Breach Incident
 

The information gleamed is no more than you can get from the phone book, apart from emails that people give out freely to just about anybody and anyone.

Re: Data Breach Incident
 

So you can get internet sites that you have visited from the phone book? :shocked:

Re: Data Breach Incident
 

As far as I am aware your browsing history was not at risk, unless you know otherwise?

Re: Data Breach Incident
 

What?

It bloody well is!

Re: Data Breach Incident
 

I agree, VM's password policy is a bit wanting, in fact it seems everything they do in terms of security is wanting. Given this is a breach of GDPR I hope the fine they will eventually get will get them wake up and get their systems in order, there is zero excuse for it and a culture change is needed.

If I did something like this at my place I'd be fired thus take security very seriously. I'm an ex-VM customer (left July 2019) and sent a GDPR request myself about my own data they could still have.

Re: Data Breach Incident
 

No idea what that link is supposed to show, but no, its not - its your responsibility.

Re: Data Breach Incident
 

Virgin's policy in several areas is rather wanting and only limiting users to 10 characters at most and not even allowing punctuation marks is ridiculous in this day in age. So Virgin have an element of responsibility to allow a decent password makeup also but to me it sounds like your blaming the end user entirely on password policy.

It would be good to allow users to set more secure passwords without Virgin being silly and saying no you can't have x or y in a password.

Maybe the GDPR fine they will eventually face will force them to rethink their practices.

Re: Data Breach Incident
 

Nobody's asking them to force ridiculous passwords on people, but it's irresponsible for them to limit your potential password strength as well. The issue isn't that Virgin doesn't mandate a stronger password, it's that you don't even have the option to use one if you want.

This is not true. It also listed what websites people had asked to block and unblock, which is definitely information that could be used to blackmail or scam the customer.

Imagine someone gets a phone call from "tech support" saying they caught a virus from <some porn website that they've definitely been on>. That's not good at all.

Even if it was "just" information you'd get from a phone book, many people are ex-directory for a reason and privacy is a right that Virgin has failed to protect.

Re: Data Breach Incident
 

There was a spate of phishing/scam emails not too long ago where people were receiving blackmail emails, basically "we know you visited greasygrannies.com and will make this public knowledge if you dont pay us £1k in bitcoin".

Whilst it was just a scam and the websites weren't actually visited, imagine those guys actually got hold of this database: they'd know what sites you'd submitted and could make fairly accurate threats and possibly even follow through on them. The original attempt was just a mass spam attempt to hopefully get a small number of fools, but actually being able to target people...

Re: Data Breach Incident
 

GreasyGrannies.com . . it used to be ok, but since I got this new 4K monitor it just doesn't look so good ;)

Re: Data Breach Incident
 

In that scam they had got hold of Linked Ins emails and passwords, I know because I got one of them. They tried to say that we know your Linked in username is XXXXXXXX and password is XXXXXXX. if you don't send us the money we'll send a video to all your Linked In connections.

Re: Data Breach Incident
 

PORN COCK-UP Virgin Media faces £4.5billion fine after exposing customers’ PORN searches

VIRGIN Media faces a comp- ensation bill of £4.5billion after leaving customers’ private details online, including which porn sites they watch. The telecoms giant left the personal details of 900,000 customers accessible for ten months.

Full names, email addresses, dates of birth, telephone numbers — and also their requests to unblock explicit websites — were listed. The database, used for marketing purposes, included 1,100 names who asked for adult websites to be unblocked by using online forms.

Most phone networks automatically block the sites and ask users to provide proof of age. The data breach did not include passwords or financial details. Your Lawyers, a consumer action and data breach law firm, is suing Virgin Media for affected customers after the breach was uncovered by a security researcher earlier this year.

It estimates each of them could be in line for £5,000 compensation for financial and emotional distress.

Crooks could have used the information to blackmail or scam victims. The cock-up was caused by an incorrectly configured database.

https://www.thesun.co.uk/money/11266...ata-leak-porn/


Virgin Media customers who received and still have proof (email sent from VM) you can join the Virgin Media Data Breach Group Action below to seek compensation.

https://www.yourlawyers.co.uk/

Re: Data Breach Incident
 

I would have thought compensation would only be applicable if the individuals concerned could prove that their "porn search" had actually been made public or if they had proof of being blackmailed or something like that for emotional distress.

Re: Data Breach Incident
 

I would guess that today’s ambulance chasing lawyers will argue that every single person sent the email would have been exposed to some degree of inconvenience even if like me it was just a noticeable increase in spam.

I have already deleted the email.:angel:

Re: Data Breach Incident
 

Cheers Gavin, i've just done this, five grand would come in very handy. It would also help to impress the importance of keeping customer details safe on this incompetent company in the only way they understand.

---------- Post added at 18:36 ---------- Previous post was at 18:34 ----------

Yes, claimants have to confirm that this has caused them distress and in what way.

Re: Data Breach Incident
 

Let's say you win, let's say lots of people win, then you'll complain prices will rise due to them trying to recoup the costs.

Re: Data Breach Incident
 

Never had you down as a consumer of specialist adult sites.

Re: Data Breach Incident
 

I'm thinking of dumping VM completely anyway as their already atrocious customer service is now actually getting worse.

---------- Post added at 19:07 ---------- Previous post was at 19:03 ----------

It wasn't just porn related data though, they left details of names, addresses, phone numbers etc for all to see.

I received an email saying that they had accessed my webcam whilst I was watching extreme porn and a threat that, if I didn't pay, the video would be released.

I've had phone calls to my ex directory private number trying to scam me too

Re: Data Breach Incident
 

Until they offer you discount, then its rinse and repeat.

I've had the same email and it had nothing to do with VM

Re: Data Breach Incident
 

Is your email unique to VM, not used on any other site, at all, ever ?
Unless it is, you cannot prove that spammers got it from that specific database.
Also, do you have a webcam, did you watch porn ? if not then the "threat" is meaningless.

So ? ex directory means very little, scammers just dial numbers in turn.
Also, again, is VM the only site, ever, that has your phone number ?

Re: Data Breach Incident
 

It's now that bad that I think i'd rather pay more for a better service, having said that, for what I watch Freeview/Freesat would do me. Maybe dip in and out of Now TV too.

I assumed that the email was as a result of the VM data breach, which caused me some distress. Even if it wasn't, the fact that the data breach took place made the situation worse.

---------- Post added at 20:25 ---------- Previous post was at 20:21 ----------

Yes, i've read that they have auto dialers starting with specific number ranges and gradually moving forward.

I only use the VM email address that I received the blackmail attempt on for VM business as I didn't want any hassle should I ever leave them. It was awful, it even said that thst I should think twice befire going to the police!

I do have a webcam, but aren't into watching porn, but you never know how scammers can doctor things these days. I did seek professional advice and was advised that it was just a random attempt to frighten those who have been watching inappropriate porn.

Re: Data Breach Incident
 

The data may have been open, but nobody noticed and accessed it.

Re: Data Breach Incident
 

If you dont watch porn, why did you need to seek 'professional' advice over something you know couldn't be true?

Re: Data Breach Incident
 

It's been confirmed by VM that the data was actually accessed.

---------- Post added at 20:47 ---------- Previous post was at 20:46 ----------

Because blackmail, or attempted blackmail, is a serious criminal offence.

Re: Data Breach Incident
 

How is that relevant ?
Blackmail is impossible if you havent done what they said, and you said you havent.

Re: Data Breach Incident
 

It doesn't matter whether or not someone tried to use that data against you (be it blackmail or regular "spam"), what matters is that it was exposed and leaked by Virgin.

Virgin - and any other company holding your personal information - has a responsibility to look after that personal information.

It's not up to you or anyone else to decide if that information is okay to be out in public or not, that's what makes it personal information and even if you personally don't give a crap about your own information, others get to decide on their own information.

For far too long, companies haven't taken this seriously. This is why we ended up with GDPR, as much as people love to hate it and all the stupid emails that came with it, it's a direct result of companies not taking this kind of thing seriously.

All that being said, I'm not sure how much I would trust yourlawyers.co.uk, this seems like an utter cash grab. And there's no way 900,000 people are getting £5k each.

Re: Data Breach Incident
 

Of course it is, but you cant blackmail someone if they haven't done the thing you have accused them of. You said you seeked professional advice, what advice were you looking for if you knew it was just spam? If you were that concerned why didn't you just report it to your service provider and or the Police.

Re: Data Breach Incident
 

If successful and VM aren't ordered to pay costs, they take 35% of your compensation. If the case is unsuccessful, they don't charge anything, so will have lost out financially.

They must have worked out that, on balance, they will win enough cases to cover their costs and make a profit.

---------- Post added at 21:15 ---------- Previous post was at 21:11 ----------

I was advised that blackmail, whether it involved something that was true or not, is an offence.

If someone threatened to tell the school where a teacher worked that s/he was a paedophile (when they weren't) unless they paid them money, this would be an offence AIUI.

Re: Data Breach Incident
 

You really want to waste police time over this? I bet virgin staff would jump for joy when finally go.Which I don't think you ever will guess what freeview won't gives damn about you!

Re: Data Breach Incident
 

Interesting, thanks. I couldn't see their fees mentioned anywhere on the website.
If it is 35% the firms usually charge VAT on top, so effectively 42%.

Re: Data Breach Incident
 

I hope you get a big fat zero.

Re: Data Breach Incident
 

Just because you have a ex directory number does NOT mean you will not get calls from the call centres that scam you. All they do is use an auto dialer device with software that can be programmed to dial numbers in a given range, IE 01946 000001 to 01946 999999. They can also give out random numbers to fool the anonymous caller systems. As you can see they can cover every number. They can also do the same for mobile numbers as well. The area codes for the uk are freely available on the internet and you can bet they share them from centre to centre. So just because you suddenly start getting calls does not mean your number has been found from a hack of a server but it could be because someone is using a dialer and software

Re: Data Breach Incident
 

Explain where it was mentioned that any police time was wasted and by whom? I bet Virgin staff would jump for joy more when you stop stealing Virgin Media services as yoy have admitted to and putting their livelihoods in difficulty.

---------- Post added at 13:27 ---------- Previous post was at 13:27 ----------

And why would that be?

---------- Post added at 13:30 ---------- Previous post was at 13:27 ----------

Yes, i've read that they do this. The calls started about the time of the data breach, but you're right, it might not have been due to the data breach itself. Nevertheless, the data breach caused me unneccesary upset and worry when I received these calls.

---------- Post added at 13:43 ---------- Previous post was at 13:30 ----------

Some more info about it along with some security tips here:

https://nakedsecurity.sophos.com/202...has-your-data/

Re: Data Breach Incident
 

Because you haven’t suffered any loss, financially or otherwise.

You’re just jumping on a bandwagon.

You’re no different to someone that puts in a fraudulent whiplash claim after a minor bump.

Re: Data Breach Incident
 

You can bet your bottom dollar that the blood sucking lawyers are already planning how they will make claims over this virus once it's finished :rolleyes:

Re: Data Breach Incident
 

So .... a breach you knew nothing about caused you upset and worry :dozey:

Its no wonder everyone thinks you're a tool Richard.

Its not often I agree with Pierre, but I too hope you get nothing.

Re: Data Breach Incident
 

I don't think he's a 'tool'. VM are the tools.

Re: Data Breach Incident
 

It looks like the blood sucking lawyers will have a field day

Re: Data Breach Incident
 

I just knew that you, if anyone, would take that position.

You’re nothing if not predictable.

You’re a lefty, Liberal blah blah blah, but on the other hand defend fraud.

That defines the corrupt left. Socialism “yeah”. But we’ll certainly screw anyone and anything for personal gain.............so admirable.

Re: Data Breach Incident
 

Re: Data Breach Incident
 

When it comes to Brexit negotiations I'm stuck on it, given the current economic turmoil one wonders whether we should postpone for at least months. Since that is how long the current malaise will probably last.

I want to be free from the grips of the EU ASAP, but there comes a point of cutting off your nose to spite your face.

That said if we do extend then we shouldn't be paying to the EU kitty.

Re: Data Breach Incident
 

Re: Data Breach Incident
 

Well so far I had my Facebook account hacked and just received a password change request from netflix

Re: Data Breach Incident
 

Did they actually get control of your Facebook or did you just receive a notification request to change the password?

Re: Data Breach Incident
 

Facebook caught it as the login was in Vietnam

Re: Data Breach Incident
 

I hope you have made your password more secure, i recently had a reset password request on mine but as that came to my email then it meant nothing and could of been a mistake.

To be honest it really isn't a good idea using ISP email addresses for site logins banking etc etc, best to use something not tied to your ISP like Outlook or Gmail.

Re: Data Breach Incident
 

It's almost impossible to state that this has anything to do with Virgin, particularly if passwords are involved. Unfortunately usernames and passwords get hacked/leaked from all kinds of places these days.

Do yourself a favour, go on https://haveibeenpwned.com/ and pop your email address in - this site keeps track of password lists from the internet and lets you know if yours has appeared on any. I'd be willing to bet your email and a password you have used is on a list somewhere, leaked from who knows where. You can also sign up on that site and it'll email you if a new breach occurs and your email is part of the list.

There's actually quite a market for people's stolen netflix (and other site) credentials, meaning there's an industry of tools to automate taking those password lists and trying the email/password combinations on a bunch of other sites.

The lesson from all of this is don't use the same password on more than one site. Use a password manager and use unique passwords for everything.

Re: Data Breach Incident
 

Most people will likely have something flag up on that site so don't panic when yours does popup, it did prompt me to change my passwords though moving everything over to Lastpass password manager other than banking stuff.

Re: Data Breach Incident
 

Agreed, I also switched to Lastpass when I first started using that site. I did move away from LastPass to Bitwarden though and it's just as good. There's also 1Password, which I've not used personally but comes highly recommended.

Basically, whatever password manager you do use is the best password manager.

Re: Data Breach Incident
 

Why did you move ?

Re: Data Breach Incident
 

It was a couple of years ago now, but at the time LastPass really dropped the ball on their Firefox support. Somewhere around when Firefox dropped the old extensions in favour of WebExtensions, LastPass was so broken it was unusable. So I looked for alternatives and BitWarden cropped up a few times. Worked a charm and continues to do so.

It's not perfect, autofill isn't as seamless as LastPass' but beyond that its polished, works better on Android and the built-in 2FA support is fantastic. I also like that it's open source and I can run it myself (IF I so choose).

Re: Data Breach Incident
 

Just received a phone call claiming to be from The Lloyds Banking Group. They had a lot of my details because of the data breach by Virgin Media (they left their customer details unsecured on the internet for ages). Spoke to the Lloyds Banking Group fraud department who said that they had received lots of calls about this. They advised I'd done the correct thing in ending the call and contacting Lloyds Bank & the Halifax directly. Good job I checked!

Re: Data Breach Incident
 

Supposition, not proven fact.

Re: Data Breach Incident
 

Indeed

Re: Data Breach Incident
 

Funny enough i had a similar call this morning + ive just had a second one all claiming to be acting from Lloyds Bank and data breach with First Virgin and secondly Amazon.

Re: Data Breach Incident
 

The Lloyds Banking Group chap did say that they had wondered how the scammers knew that people had accounts with banks owned by the LBG or if they were doing it randomly and just kept getting lucky.

I explained the problems i'd had as a result of the Virgin Media data breach and he thanked me for solving the puzzle. Apparently, they are using the sort codes held by VM to identify who we bank with. Then, they call the person on the phone number held by VM after spoofing their originating number to appear to be from the bank that the VM customer uses.

They let it be known that they have more information about you to try and make the call sound more authentic e.g. they will ask for you by your full name or offer to call you on your mobile if it's more convenient.

I posted a warning on facebook to alert others and a friend (who uses VM & banks with Barclays) said that she had been caught out by them two days ago (on her birthday of all days).

Re: Data Breach Incident
 

Maybe some of them are posting on the internet, under their own name, confirming who they bank with.

Re: Data Breach Incident
 

;)

Re: Data Breach Incident
 

"The database was used to manage information about our existing and potential customers in relation to some of our marketing activities.
No financial details were included in the database which was accessed"
https://www.virginmedia.com/help/data-incident

Re: Data Breach Incident
 

That was....laugh out loud funny!

Re: Data Breach Incident
 

Maybe some have such a hatred of VM they will blame them for anything they can even when it is proved that the data breach did NOT include any passwords or financial details, such as bank account number or credit card information.

Re: Data Breach Incident
 

Thanks for that SP. It seems that Lloyds were right the first time then in that the scammers were stabbing in the dark and hoping that the person banked with whoever they were claiming to be. They probably said 'Lloyds Banking Group' to hedge their bets as that covers more than one bank. Their fraud division did say that they would never introduce themselves as such though, but would state the name of the division where they were from.

---------- Post added at 11:57 ---------- Previous post was at 11:54 ----------

She didn't do this to my knowledge before the incident (on Facebook anyway). I see nothing funny about a young lone parent being scammed out of money on her birthday, but everyone's humour is different I suppose.

---------- Post added at 12:01 ---------- Previous post was at 11:57 ----------

Neither her or myself "hate" VM to my knowledge, what a bizzare thing to come out with. I am annoyed that they treated the security of our personal data in such a shabby manner, but they have apologised and compensated me for the incident without any formal proceedings being needed. I have accepted their apology and agreed to a further contract upon agreement of a much better deal.

Re: Data Breach Incident
 

It was a low flying comment that still managed to go right over your head.

Re: Data Breach Incident
 

Rudeness.

Re: Data Breach Incident
 

Richard, you've completely missed the point I was making that entertained Pierre. You have confirmed in this thread that you bank with Lloyds Banking Group.

You've got 8,000 posts on this forum and almost 20,000 on DS.

I've no idea what other forums you may be on but I would imagine someone could gleam significant amounts of information about your spending habits, DWP benefits you receive, the area of the country you live in and other personally sensitive information. Mainly because you post under your own name.