Experts Insight On News: Virgin Media Data Breach Affects 900,000 People

Free Services to help you during COVID-19 Learn More

Support Request a Demo Contact Us Blog
By Security Experts | Information Security Buzz »

As reported by BBC News, a Virgin Media database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months, the company has admitted. The information was accessed “on at least one occasion” by an unknown user. The database, which was for marketing purposes, contained phone numbers, home and email addresses. It did not include passwords or financial details. The breach was not due to a hack or a criminal attack, but because the database had been “incorrectly configured” by a member of staff not following the correct procedures, Virgin Media said.

EXPERTS COMMENTS

Peter Draper
Peter Draper, Technical Director, EMEA, Gurucul | March 06, 2020

Please – if you run any services that collects customer data, have your teams double and triple check that they are secured correctly.

This data breach is wholly down to human error which is one of the biggest threats facing organisations today. The incorrectly configured data is an example of a sole employee not following the correct procedures and exposed hundreds of thousands of personal details of customers.

The risk associated with incorrectly configured databases have been highlighted many times. The content of the database appears to have a wealth of information which bad actors could use for fraud and identity theft. The situation of today’s digital world is that an increasing volume of personally identifying information is being harvested whenever we interact with organisations online. If this data isn’t strongly secured, and it often isn’t, this information can easily end up on the dark web. Please – if you run any services that collects customer data, have your teams double and triple check that they are secured correctly.

 

Robert Capps, VP, NuData Security

This is helping render much of this stolen data valueless, as it is not enough for bad actors to succeed in their schemes.

Dark web data brokers are hard at work scraping up any piece of data exposed or breached. With each ounce of information, cybercriminals are putting the pieces of a consumer’s identity together to create a full data profile of an innocent consumer. Cybercriminals use these real consumer identity profiles to open lines of credit, or take over online accounts to fraudulently secure goods and services on the Internet. This is why constantly monitoring security systems for any vulnerability is key to prevent potential breaches. However, once the data has been stolen, companies can still protect the victims of the breach by improving their online user verification measures. We are seeing more companies include behavioral technologies in their arsenal to verify users based on their behavior instead of relying on their personal information which could have been stolen. This is helping render much of this stolen data valueless, as it is not enough for bad actors to succeed in their schemes.

 

Stuart Reed, VP, Nominet

Monitoring at the DNS level can also provide insights into where data is being exposed to the web and what might be leaving your network.

Despite repeated high profile cases of companies failing to secure their servers properly this is clearly still a widespread problem. While Virgin Media didn’t store any passwords in the database it did contain customer contact information which can still be used by criminals to aid their phishing campaigns. What is troubling is that it is unknown how much, if any, information was accessed during the 10 months the database was exposed and that’s why holistic visibility is a key part of good cyber security hygiene.

Everyone needs to approach cyber security with a holistic mindset, ensuring that you have multiple layers to your security which can provide visibility over your network. Monitoring at the DNS level can also provide insights into where data is being exposed to the web and what might be leaving your network. On top of this, educating your employees on good cyber practice, including how to spot threats and problems could help avoid situations like this in the future.

 

Marco Essomba, Founder, iCyber-Security

Network & security managers, as well as infosecurity executives, must have the right cyber risk management and reporting tools.

This recent breach highlights once again the challenges that Internet Service Providers (ISP) face to protect sensitive customer data. In this case a human error seems to have been the root cause of the configuration error that lead to the breach. However, it’s surprising that it took Virgin Media ten months to detect and patch the flaw. In simple terms, these types of breaches occur because many organisations still lack adequate monitoring and controls to automatically detect and proactively respond to servers & applications misconfiguration before damage has been caused.

The strongest protection against these types of breaches is to implement an effective defence-in-depth approach. For example, at one layer, an automated and continuous vulnerability assessment program should be put in place to detect & alert on critical flaws. This must be backed by the right controls where remediation can be applied as soon as high risk vulnerabilities are detected. An effective change control mechanism must also be in place to ensure that changes applied to production systems are peer-reviewed to minimise human errors that could cause serious data breaches.

Network & security managers, as well as infosecurity executives, must have the right cyber risk management and reporting tools to give them visibility on risk profiles of critical digital assets. That way, network and application flaws can be detected, prioritised, and remediated quickly for high risk assets.

 

Brian Higgins, Security Specialist, Comparitech.com

Don’t help criminals make a bad situation even worse

The moment a breach like this is made public is the most dangerous time for any customers of the business that fell victim. Criminal organisations will take full advantage of the fear and vulnerability it generates in the whole consumer community. It is absolutely vital that Virgin Media customers do not engage with, or respond to, any unsolicited communication from anyone claiming to be from Virgin Media. Emails, telephone calls; criminals will use every method they can to trick people into sharing more information they can then use to commit more crimes. They will play on the fact that the breach is new and potentially dangerous and customers will, quite rightly, want to do all they can to protect themselves. It’s the perfect time for criminals to act. Don’t reply to emails. Don’t give any information over the phone. Check with Virgin independently if you are worried. Don’t help criminals make a bad situation even worse.

 

Martin Jartelius, CSO, Outpost24

Overall, this is just one more of the open exposed databases leading to breaches we are seeing lately.

It is important to note here is that this is more like a phone-book lost, than a breach affecting passwords or credentials. It can be used by attackers to tie a real name to your email, but for the end users the leak as an incident is of less importance. It is good to see that Virgin is working with informing authorities as well as the affected customers. Overall, this is just one more of the open exposed databases leading to breaches we are seeing lately, a breach not due primarily to poor security, but due to no security at all – a situation we see occurring most frequently by mistake or lack of control.

 

Stuart Sharp, VP of Solution Engineering, OneLogin

Misconfiguration is a term used really to hide the fact baseline controls haven’t been put in place like privileged user access controls.

We are still seeing service providers failing to follow fundamental best practices to secure their customers’ data. The fact the data was accessed without the need for advanced hacking techniques using a misconfiguration that was in place for 10 months highlights how important it is to carry out regular security reviews of systems holding sensitive data, and to put in place access control monitoring and alerting. Any company holding personal data of millions of people should be protecting all of their applications and databases using a central access control platform with strong multi-factor authentication rules in place. Access Control is fundamental to protecting systems and databases, its security 101. Misconfiguration is a term used really to hide the fact baseline controls haven’t been put in place like privileged user access controls.

 

Javvad Malik, Security Awareness Advocate, KnowBe4

While cloud platforms bring many benefits, there are different kinds of risks that present themselves.

Not a week seems to go by without a cloud database being left publicly accessible. While this one didn’t contain passwords, there was enough personally identifiable information to make it a significant breach.

While cloud platforms bring many benefits, there are different kinds of risks that present themselves. So it’s important that staff are fully trained with the new technologies and are aware of security risks and best practices. Additionally, assurance controls should be put in place to validate that all systems have the appropriate security controls deployed.

 

Jake Moore, Cybersecurity Specialist, ESET

Coupled up with Virgin’s broadband outage in the week, this could be a particularly good target for malicious actors to prey on.

Leaving data insecure should seriously be a thing of the past, yet this just highlights that major companies are still unaware of exactly where their data is and how vulnerable it may be to cyber attacks.

Whilst no passwords or bank details were under any risk of compromise, this is still enough for a cyber criminal to take advantage of. Usually, the next step for attackers will be to follow up with phishing emails enticing customers to divulge further information. Coupled up with Virgin’s broadband outage in the week, this could be a particularly good target for malicious actors to prey on.

 

Exernal Link: Experts Insight On News: Virgin Media Data Breach Affects 900,000 People

Share this page:

Related Posts