Virgin Mass media is reportedly among the latest UK businesses to suffer a information security breach. On 5 March 2020, it released a declaration on its site explaining that certain of its databases have been accessed without Virgin Press’s authorisation, because of configuration issue. It really is documented that the database have been left unprotected since April 2019 and that it included information about (around) 900,000 current and potential prospects. Virgin Media declares that the compromised info was mostly limited by contact and product information and importantly, didn’t contain financial details or passwords.
The statement sets out several faqs, with clear to see responses. The ICO and impacted data subjects have already been notified and the declaration provides clients with information regarding possible frauds and phishing attacks targeted at helping them to raised protect themselves and become alert to the risks in an elevated risk environment, in lighting of the incident.
Provided the ICO’s latest data breach decisions, it’ll be interesting to observe how the ICO responds to the notification. Recent aggravating aspects determined by the ICO add a failure to adhere to internal IT plans or industry specifications, inadequate patch administration and penetration tests, inappropriate accounts privileges and permissions and insufficient multi-factor authentication.
In add-on, the ICO has managed to get very clear that it will require into consideration the size and sources of an organization, stating that it could expect larger and much more technologically advanced organisations, such as for example Virgin Media to consider better quality security measures to safeguard personal information against a breach. Mitigating elements can include how promptly Virgin Mass media acted once it uncovered the breach and whether it provides cooperated completely with the ICO.