Isn't it ironic that the very email that I was about to put in the spam box was an email from Virgin Media warning of a "data incident " or we like to refer to it as a data breach . This might explain why we have indeed had an increase in spam emails and phishing phone calls recently.
As a result of this email I am angry and worried that my data has been left exposed on an open database and what damage that will cause .
As a consequence I would like to know the following .
1/ What was the exact information about me that was held in this database.
2/ Why did it take from April 2019 until now to discover this data breach .
3/ What compensation is V M going to provide ,
I am now thinking of changing my phone numbers which will be very inconvenient to say the least. It ia also worrying that my date of birth and address may have been exposed as well .
It is a pity that Virgin did not follow its own advice in yesterdays email by providing a strong password to make our data secure!
I received an email about the data breach and while it says passwords were not accessed i thought it would be a good idea to change it anyway, but it seems that Virgin have a bad set of rules for passwords. 8 - 10 letters or numbers is a very short amount of characters and only letters and numbers can be used, this is very restrictive to make a decent secure password.
this should really be updated and changed to allow more characters to have better password security and also let us use other characters too. while i say this the security by virgin is woeful on the router too because the password is shown when typing it to access the router admin, it feels like they are not able to secure anything with decent security and this should change, it's 2020 not the year 2000 where security was lax because less info (banking etc..) was online. it's about time they got this sorted and brought their security upto todays security needs!
What is an UTTER DISGRACE is that this breach happened almost ONE YEAR AGO and VM are only informing us about it now - THAT IS SIMPLY NOT ACCEPTABLE.
The message does state that no passwords were stored in the database so I guess thats a good thing + add the fact that the info which WAS on the database (names, addresses, email address, etc) could be the same type of data available on the electoral roll (not email address obviously) which anybody could locate really.
Still - it's still a BREACH and VM should do something about this....
So last April I started receiving credit cards through the post (5) within 2 weeks in my name, when I contacted these banks they said these accounts were opened online using my full Name. My full Address (they tried to guess when I moved in). My DOB. Email address. And phone numbers,
The banks were perplexed as to how all of my information was found as I am extremely careful with any details.
I have dummy email accounts for non emergency emails, my main one is for Bill's etc, I also have 2 phones one for personal calls, family and Bill's and one for everything else, but they managed to use all my secure details.
My name is very unusual so it's not an easy name to find especially with the initial of my middle name.
In may 2019 i also started receiving email after email from company's I would never use on my main account and also phone calls, which again have just started up again mostly 020 numbers these company's wouldn't have any reason to have my number
Could this be due to this data breach as it all started when they say they were breached. the stress I was put under on this was enormous god knows what else they have ordered in my name that I don't know about
The vulnerable server has probably been online for more than a year, April 2019 is probably the first recorded unsolicited access of the server by an unauthorised party.
This server was probably thrown together for a single use in a hurry to meet a deadline by a beleaguered engineer and then forgotten about. It's indicative that either VM don't train their staff to modern security standards, stress security enough, or more importantly audit what they have in their estate periodically. So who at VM should carry the can for facilitating this breach? I would argue multiple people, the admin, their manager and their CSO. Will they? Unlikely. Just an empty industry standard apology, some generic "after the horse has bolted" advice about password security, and everyone forgets until the next breach.
To be completely clear, that's nearly a million people who now have to leave in fear of identity theft and fraud because of the incompetence of a company they paid to provide a service.
For this to run as long as it has means there's no intrusion detection, no monitoring, no log analysis or even basic periodic maintenance and patching. For an internet facing service in this day in age, that's simple not cricket and it means there's something fundamentally wrong at an organisation and security level within the company.