ICO raps Virgin Media for data breach

The telecoms provider has been found in breach of the Data Protection Act when it lost a disc holding the unencrypted bank details of some customers earlier this year.

Virgin Media has been found in breach of the Data Protection Act following the loss of an unencrypted CD containing the personal details of over three thousand customers.

The telecoms provider reported the breach to the Information Commissioner's Office (ICO) earlier this year following the loss of a compact disc that was passed to Virgin Media by Carphone Warehouse containing the personal details of individuals interested in opening a Virgin Media account in a Carphone Warehouse store.

The ICO said it had ordered to implement a number of security measures with immediate effect to protect customers' personal information more effectively. These include encrypting all portable or mobile devices that store and transmit personal information.

And any company processing personal information on behalf of Virgin Media must also now use encryption software, which must be clearly stated as a requirement in all contracts.

The ICO has also required Virgin Media to sign a formal undertaking to comply with the principles of the Data Protection Act. And it said failure to meet the terms of the undertaking would be likely to lead to further enforcement action.

Mick Gorrill, ICO assistant commissioner, said this latest in a series of clampdowns on organisations found to have lax security procedures proved the ICO is taking all data breaches seriously, one of which involved the Liberal Democrats only earlier this week.

"The Data Protection Act clearly states that organisations must keep personal information secure," he said. "Virgin Media recognises the seriousness of this data loss and has agreed to take the immediate remedial action that we have outlined in order to protect its customers' personal details."

A Virgin Media spokesperson said: "This was an isolated incident which occurred in May and only affected a small number of people."

"Through our own undertaking we also took the decision to proactively contact all of the affected customers directly to ensure we met all of our responsibilities and support them through the process. Since our internal review, we have implemented all of the requirements stipulated by the ICO," the spokesperson added.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
CMS platforms succumb to KashmirBlack botnet as businesses rush online
Security

CMS platforms succumb to KashmirBlack botnet as businesses rush online

22 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020