Menu
Reply
Highlighted
  • 7
  • 0
  • 6
Tuning in
1,109 Views
Message 41 of 165
Flag for a moderator

Data-incident 19th April 2019

Isn't it ironic that the very email that I was about to put in the spam box was an email from Virgin Media warning of a "data incident " or we like to  refer to it as a data breach . This might explain why we have indeed had an increase in spam emails and phishing phone calls recently.

As a result of this email I am angry and worried that my data has been left exposed on an open database and what damage that will cause .

As a consequence I would like to know the following .

1/ What was the exact information about me that was held in this database.

2/ Why did it take from April 2019 until now to discover this data breach .

3/ What compensation is V M going to provide ,

I am now thinking of changing my phone numbers which will be very inconvenient to say the least. It ia also worrying that my date of birth and address may have been exposed as well . 

It is a pity that Virgin did not follow its own advice in yesterdays email by providing a strong password to make our data secure!

 

 

Highlighted
  • 1
  • 0
  • 0
Joining in
1,198 Views
Message 42 of 165
Flag for a moderator

Re: Odd email from purporting to be from Virgin - Saying my info has been hacked on their server

I have had the same E-mail. I try to check with the real companies website or phone number just in case !!!

0 Kudos
Reply
Highlighted
  • 20
  • 0
  • 2
On our wavelength
1,140 Views
Message 43 of 165
Flag for a moderator

Re: VM password - 8-10 characters only??? Are you kidding me?

@dazd That's exactly what I came here to say. Thanks for explaining it nicely. That password policy at this day and age is unacceptable. 

Highlighted
  • 6
  • 0
  • 0
Joining in
1,069 Views
Message 44 of 165
Flag for a moderator

For those who wasn't aware

 

Breach of personal Data, all the headache we're had trying for figure out who is responsible, Netflix/Virgin? 

 

ttps://www.google.com/amp/s/www.bbc.co.uk/news/amp/business-51760510

0 Kudos
Reply
Highlighted
  • 684
  • 4
  • 53
Fibre optic
1,057 Views
Message 45 of 165
Flag for a moderator

Re: Scam Emails

At least I know now that it's not a scam. It's all over the press.
0 Kudos
Reply
Highlighted
  • 269
  • 24
  • 37
Fibre optic
1,058 Views
Message 46 of 165
Flag for a moderator

Re: For those who wasn't aware

It was a marketing list so Netflix wouldn't be held responsible, the article even specifically stated it was a member of Virgin Staff. 


**
I work for Virgin Media - but all opinions posted here are my own
0 Kudos
Reply
Highlighted
  • 102
  • 5
  • 17
Up to speed
1,060 Views
Message 47 of 165
Flag for a moderator

Data breach and passwords

I received an email about the data breach and while it says passwords were not accessed i thought it would be a good idea to change it anyway, but it seems that Virgin have a bad set of rules for passwords. 8 - 10 letters or numbers is a very short amount of characters and only letters and numbers can be used, this is very restrictive to make a decent secure password.

this should really be updated and changed to allow more characters to have better password security and also let us use other characters too. while i say this the security by virgin is woeful on the router too because the password is shown when typing it to access the router admin, it feels like they are not able to secure anything with decent security and this should change, it's 2020 not the year 2000 where security was lax because less info (banking etc..) was online. it's about time they got this sorted and brought their security upto todays security needs!

https://www.twitch.tv/ziltoidtv
0 Kudos
Reply
Highlighted
  • 2.57K
  • 49
  • 359
Problem sorter
998 Views
Message 48 of 165
Flag for a moderator

Re: Data breach and passwords

What is an UTTER DISGRACE is that this breach happened almost ONE YEAR AGO and VM are only informing us about it now - THAT IS SIMPLY NOT ACCEPTABLE.

😠

The message does state that no passwords were stored in the database so I guess thats a good thing + add the fact  that the info which WAS on the database (names, addresses, email address, etc) could be the same type of data available on the electoral roll (not email address obviously) which anybody could locate really.

Still - it's still a BREACH and VM should do something about this....

__________________________________________________________
Husband, Dad, Gamer, Gadget Lover......
Twitter: @deans6571
0 Kudos
Reply
Highlighted
  • 68
  • 0
  • 2
On our wavelength
985 Views
Message 49 of 165
Flag for a moderator

Virgin Media's data incident

So last April I started receiving credit cards through the post (5) within 2 weeks in my name, when I contacted these banks they said these accounts were opened online using my full Name. My full Address (they tried to guess when I moved in). My DOB. Email address. And phone numbers,

The banks were perplexed as to how all of my information was found as I am extremely careful with any details.

I have dummy email accounts for non emergency emails, my main one is for Bill's etc, I also have 2 phones one for personal calls, family and Bill's and one for everything else, but they managed to use all my secure details.

My name is very unusual so it's not an easy name to find especially with the initial of my middle name.

In may 2019 i also started receiving email after email from company's I would never use on my main account and also phone calls, which again have just started up again mostly 020 numbers these company's wouldn't have any reason to have my number 

Could this be due to this data breach as it all started when they say they were breached. the stress I was put under on this was enormous god knows what else they have ordered in my name that I don't know about

Highlighted
  • 17
  • 0
  • 2
Tuning in
952 Views
Message 50 of 165
Flag for a moderator

Re: Data breach and passwords

The vulnerable server has probably been online for more than a year, April 2019 is probably the first recorded unsolicited access of the server by an unauthorised party.

This server was probably thrown together for a single use in a hurry to meet a deadline by a beleaguered engineer and then forgotten about. It's indicative that either VM don't train their staff to modern security standards, stress security enough, or more importantly audit what they have in their estate periodically. So who at VM should carry the can for facilitating this breach? I would argue multiple people, the admin, their manager and their CSO. Will they? Unlikely. Just an empty industry standard apology, some generic "after the horse has bolted" advice about password security, and everyone forgets until the next breach.

To be completely clear, that's nearly a million people who now have to leave in fear of identity theft and fraud because of the incompetence of a company they paid to provide a service.

For this to run as long as it has means there's no intrusion detection, no monitoring, no log analysis or even basic periodic maintenance and patching. For an internet facing service in this day in age, that's simple not cricket and it means there's something fundamentally wrong at an organisation and security level within the company.