[Owasp-ireland] Virgin Media has lost a CD containing customer details

davidrook david.rook at realexpayments.com
Fri Jun 20 11:50:57 EDT 2008

"Virgin Media loses CD containing customer bank details

Virgin Media - the entertainment and communications arm of Richard Branson's
Virgin Group - has lost an unencrypted computer disc containing the bank
account details of 3000 UK customers.

Virgin Media discovered the CD - which also contained names and addresses of
customers - was missing on 29 May.

The breach affects customers that signed up to Virgin Media services in
Carphone Warehouse stores from January this year.

It is not known why the data was burned onto a CD - a move thought to be at
odds with the firm's policy of using secure FTP transfers.

In a statement a Virgin Media spokesperson says: "We have been working with
the Information Commissioners' Office on this matter and we are in the
process of contacting all of the affected customers to ensure we meet our
responsibilities and fully support them through this process."

Virgin Media says it is now conducting a review of its data protection
policies and practices.

In April HSBC revealed a CD containing the names, cover levels and dates of
birth of around 370,000 UK life assurance customers had gone missing.
However, this case was dwarfed by HM Revenue and Customs' loss last October
of computer discs containing the confidential information - including bank
account details - of all 25 million child benefit recipients in the UK by HM
Revenue and Customs (HMRC)."


David Rook | david.rook at realexpayments.com
Security Analyst

Realex Payments
Enabling thousands of businesses to sell online.

Realex Payments, Dublin, www.realexpayments.com
Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538

Realex Payments, London, www.realexpayments.co.uk
1 Hammersmith Grove, London W6 0NB, England
Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264

Pay and Shop Limited, trading as Realex Payments has its registered office at Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland and is registered in Ireland, company number 324929.

This mail and any documents attached are classified as confidential and
are intended for use by the addressee(s) only unless otherwise
indicated. If you are not an intended recipient of this email, you must
not use, disclose, copy, distribute or retain this message or any part
of it. If you have received this email in error, please notify us
immediately and delete all copies of this email from your computer

More information about the Owasp-ireland mailing list