As reported by BBC News, a Virgin Media database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months, the company has admitted. The information was accessed “on at least one occasion” by an unknown user. The database, which was for marketing purposes, contained phone numbers, home and email addresses. It did not include passwords or financial details. The breach was not due to a hack or a criminal attack, but because the database had been “incorrectly configured” by a member of staff not following the correct procedures, Virgin Media said.
Experts Comments
Monitoring at the DNS level can also provide insights into where data is being exposed to the web and what might be leaving your network.
Despite repeated high-profile cases of companies failing to secure their servers properly, this is clearly still a widespread problem. While Virgin Media didn’t store any passwords in the database, it did contain customer contact information which can still be used by criminals to aid their phishing campaigns. What is troubling is that it is unknown how much, if any, information was accessed during the 10 months the database was exposed and that’s why holistic visibility is a key part of good ...
Network & security managers, as well as infosecurity executives, must have the right cyber risk management and reporting tools.
This recent breach highlights once again the challenges that Internet Service Providers (ISPs) face to protect sensitive customer data. In this case a human error seems to have been the root cause of the configuration error that led to the breach. However, it's surprising that it took Virgin Media ten months to detect and patch the flaw. In simple terms, these types of breaches occur because many organisations still lack adequate monitoring and controls to automatically detect and proactively ...
Don’t help criminals make a bad situation even worse.
The moment a breach like this is made public is the most dangerous time for any customers of the business that fell victim. Criminal organisations will take full advantage of the fear and vulnerability it generates in the whole consumer community. It is absolutely vital that Virgin Media customers do not engage with, or respond to, any unsolicited communication from anyone claiming to be from Virgin Media. Emails, telephone calls; criminals will use every method they can to trick people into ...
Overall, this is just one more of the open exposed databases leading to breaches we are seeing lately.
It is important to note here that this is more like a phone-book lost, than a breach affecting passwords or credentials. It can be used by attackers to tie a real name to your email, but for the end users the leak as an incident is of less importance. It is good to see that Virgin is working with informing authorities as well as the affected customers. Overall, this is just one more of the open exposed databases leading to breaches we are seeing lately, a breach not due primarily to poor ...
Please - if you run any services that collect customer data, have your teams double and triple check that they are secured correctly.
This data breach is wholly down to human error which is one of the biggest threats facing organisations today. The incorrectly configured data is an example of a sole employee not following the correct procedures and exposed hundreds of thousands of personal details of customers.
The risks associated with incorrectly configured databases have been highlighted many times. The content of the database appears to have a wealth of information which bad actors could use for fraud and identity theft. ...
Misconfiguration is a term used really to hide the fact baseline controls haven’t been put in place like privileged user access controls.
We are still seeing service providers failing to follow fundamental best practices to secure their customers’ data. The fact the data was accessed without the need for advanced hacking techniques using a misconfiguration that was in place for 10 months highlights how important it is to carry out regular security reviews of systems holding sensitive data, and to put in place access control monitoring and alerting. Any company holding personal data of millions of people should be protecting all ...
While cloud platforms bring many benefits, there are different kinds of risks that present themselves.
Not a week seems to go by without a cloud database being left publicly accessible. While this one didn't contain passwords, there was enough personally identifiable information to make it a significant breach.
While cloud platforms bring many benefits, there are different kinds of risks that present themselves. So it's important that staff are fully trained with the new technologies and are aware of security risks and best practices. Additionally, assurance controls should be put in place to ...
Coupled up with Virgin’s broadband outage in the week, this could be a particularly good target for malicious actors to prey on.
Leaving data insecure should seriously be a thing of the past, yet this just highlights that major companies are still unaware of exactly where their data is and how vulnerable it may be to cyber attacks.
Whilst no passwords or bank details were under any risk of compromise, this is still enough for a cyber criminal to take advantage of. Usually, the next step for attackers will be to follow up with phishing emails enticing customers to divulge further information. Coupled up with Virgin’s ...