back to article Virgin Media collects customer banking details on CD, then loses it

Virgin Media is conducting an internal inquiry into why 3,000 customers' bank details were burned to a CD which was then lost, it emerged today. The incident came to light inside the company on 29 May. Virgin Media is part way through individually contacting the people affected, who all signed up in Carphone Warehouse stores …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    glad

    glad I pay the retards by cheque

  2. Paul Stephenson
    Stop

    Did Virgin...

    employ any recently fired Governement employee's perchance?

  3. Ed
    Thumb Down

    Good old VM...

    ...they're really doing everything possible to keep customers happy at the moment, aren't they? Phorm, agreements with the BPI and now they're not only selling our data but giving it away to God knows who.

  4. Steve

    They usually protect data really well.

    When I tried to get data from them about what they were doing with Phorm, they fended me off for weeks with vague emails and promises of "something soon".

  5. Sam

    I know

    Kent Ertegrul nicked it?

  6. Anonymous Coward
    Stop

    Another one...

    Each day there is a new story about people losing data...

    Today is no different. Seriously, WTF is going on? After the debarcles over the Government losing data, how has anyone who looks after data not turned incredibly cautious and paranoid now...

    Bets are on for the first one of next week, who is it going to be?

  7. Ash

    Loss of data...

    ... equals more strings to the National ID databse bow.

    There are too many instances for this to be a coincidence anymore.

  8. Anonymous Coward
    Flame

    there's nothing to see here....

    Its about time two things happened:

    1) companies spent more money on training staff in how to secure data. Yes, its clueless to leave confidential papers on the train / lose a CD while moving office / email stuff to the wrong person. But are the employers actually making their rules well known or enforcing them? How many companies disable the USB ports and CDRW in their laptops, or rfid tag their secret documents? I mean, supermarkets even tag knickers these days, so how hard can it be?

    2) journos learned the difference between a potential and actual risk. Data leaks have ALWAYS happened, yes even in the days before computers. 99.999% of them are harmless. If someone steals a laptop from an office they're not going to mess around cracking passwords - they'll wipe the disk and sell it a bit cheaper. A lost CD, even if its found by some miracle, will get scratched, used as a coffee mat, thrown around and generally wrecked in a matter of minutes.

    So lets focus on /real/ issues.

  9. Ian McNee
    Flame

    @Paul Stephenson

    Being a long-standing VM customer I can reassure you that they have not been head-hunting government dorks, lusers and arrogant incompetent gimps: VM seem to have an endless supply of these. Something to do with their 'pay them peanuts' remuneration package and 'mushrooms' HR policy (keep them in the dark and feed them sh*t) for their staff.

    The only area they seem to spend money on real talent seems to be in their ad campaings. Unfortunately I never seem to get replies from either Uma Thurman or Samuel L Jackson to my complaints about their antiquated e-mail/webmail system and dreadful tech support.

    Bah-humbug.

  10. Anonymous Coward
    Anonymous Coward

    Worryingly they could get Phorm

    If VM where to go ahead with Phorm, not only could the banking details of the customers be lost, but they could also supply to thieves the browsing preferences of their customers so that any subsequent fraud purchases using the details did not appear out of the ordinary.

  11. Sir Runcible Spoon
    Flame

    Virgin have lost your details

    But it's ok, because they have a copy of them on this little profiler over here.

  12. SilverWave
    Flame

    More bad practice at Virgin - what a shocker!

    That's the problem with repeated cuts in IT costs...

    eventually you inevitably get a cheap service.

    ... lack of trained IT personnel

    ... huge turnover of said personnel.

    ... unmotivated staff.

    ... technical illiterates who implement short-sighted decisions that destroy brand value.

    i.e phorm web interception.

    never had this problem with telewest - they always took the high ground :)

    I now associate VirginMedia with incompetence and greedy opportunism... someone preprepared to whore themselves out to any old scum.

    VirginMedia your local ISP Phormwhore

    see http://www.badphorm.co.uk/

  13. Patrick O'Reilly
    IT Angle

    "Secure" FTP

    Do they mean "Secure FTP" as in "FTP is secure because it's got a password and I'm idiot" or as in SFTP?

  14. Anonymous Coward
    Thumb Up

    Phorm

    We can all trust Phorm. They’d never collect then lose your click-stream data. While Phorm’s whole existence is to build the most detailed and accurate profiles on the customers of their ISP clients, no over-eager employee would ever be tempted to retain some of the raw data for debugging or R&D purposes.

    http://www.theregister.co.uk/2007/02/14/nationawide_fined/

  15. Nick

    Fair Usage?

    Surely they HAD to send it on CD, otherwise it would have taken a week to transmit over the wires. Yes, they will of received the first 50mb in about 2mins, but then after that, it would get throttled back to 1k per hour.

  16. pctechxp

    Network transfers

    All of the companies and organisations that have lost data/had dumb employees leave it on a train etc have had access to a network of some sort (HM gove have access to all the security gizmos known and unknown to man, woman or animal) so why the hell is information either printed out or burned to CD?

    Governments and companies should be banned from buying blank CDs or DVDs or paper even.

  17. James Le Cuirot

    Secure FTP

    At least they usually use secure FTP. That's probably much more than the government ever do.

  18. Anonymous Coward
    Anonymous Coward

    of course they don't use FTP

    who knows what sort of spyware might intercept the data enroute!

  19. Anonymous Coward
    Anonymous Coward

    Coming soon ...

    to a p2p network near you.

  20. Anonymous Coward
    Coat

    well, that's sorted

    "The staff involved in the incident are subject to the internal inquiry."

    boss to flunky #1 - did you do it?

    flunky #1 - no way.

    boss to flunky #2 - did you do it?

    flunky #2 - no way

    boss to flunky #3 - you're our most senior flunky, how could you? you're fired then. Ok, I'm done - time to hoist a couple.

    @ac - "I mean, supermarkets even tag knickers these days, so how hard can it be?" I mean really, who wants hard knickers anyway?

  21. frymaster

    The score

    plus a few marks for it being a small leak, them having a policy in place, and them admitting it and not talking about "password protection" or similar bollocks.

    minus several thousand marks for it happening at all :/ I mean Jesus, it's not like you can _avoid_ knowing about personal data on CD these days.

    Having worked at the sharp end of a large company, I wonder to what extent central management is culpable. I mean, it's all very well them having a "secure FTP" policy but do the plebs on the ground actually know about it? Any organisation can have blunders like this due to numpties, but surely even they should have got the message by now... anyone who works for VM and deals with data know if their policy is any good?

  22. Gerard Krupa

    We should be used to it

    Anyone who uses their broadband network should be more than fimilar with them losing packets of data.

  23. James Dunmore
    Coat

    They have 3000 new customers

    Really ! Wow.

  24. Anonymous Coward
    Thumb Down

    Virgin have lost all my respect. I'll be a Virgin no longer!

    I have three accounts with Virgin Media and I'm cancelling them next week. Here's why

    1) This latest incident doesn't exactly give me any confidence in them, although I'm not affected by it

    2) They've owned Telewest for, what, two years?, and we're still subjected to their tacky plastic set-top boxes, their hideous and clunky screen-menus, the awful TV remote (the one advantage it has over Sky = Back button). Everytime I turn on the box it feels like the year 2000 all over again.

    3) The fact I was on their 2 for £20 deal, only to find, six months later, my bill rocket up to £55 for no reason - pirates.

    4) This awful 'three strikes and you're out' business. I still purchase music and films, but there are often many legitimate reasons to download either of these. I do not want my content vetted or to be told off by a company - I'm the customer, I'm paying them.

    5) Lost the Sky channels, and were pig-headed over it

    6) Awful, dumb, customer service

    Up to now I've had no complaints with their broadband, but I'm ready to bail.

  25. Lloyd
    Alien

    Morons with your money

    I deal with a bank who refuse to send us data via anything other than CD because they consider FTPS, HTTPS and SFTP non secure transport mediums, which begs the question what does that say about their on-line banking?

  26. Art Hawkes

    lost laptops

    The Wayne Madsen Report in the USA, available only on subscription, is compiling a list of all the instances of lost data, CDs and laptops in the US. The problem there is huge, with thousands of people having their data taken. Madsen suggests that this is a government scheme to populate their database of citizens surreptitiously. Looks as if the same method is being used here in the UK.

    Not coincidentally, I suspect that Phorm will be used to spy on us for the same reason. Forget targeted advertising; that's a red herring. Lots of commentators point out the flaws with targeting where several people use the same PC.

  27. Suburban Inmate
    Paris Hilton

    I knew a VM Guy...

    Back when it was NTL. His job was to test and review the set top box code that the codemonkeys crapped out.

    What was supposed to happen: He files report, tells them where it sucks and how badly it performs, especially on the older model STBs. Lather, rinse, repeat until code is of serviceable quality. Rollout carefully. Round of beers.

    What actually happened: He files report, tells them where it sucks and how badly it performs, especially on the older model STBs. Rollout regardless. Customers with older hardware get to watch the STB creakily rendering the fancy new purple interface, where the old blue/yellow one did all the same great stuff like changing channels and showing a program guide. Instantly.

    WTF were they paying him for?

    Paris cos I was riding his wife.

  28. Steve Mann

    No

    Nonononono you guys don't get it! I see where they are going here.

    Virgin, in a secret strategic move co-ordinated at the highest levels with other financial industry giants such as banks, building societies and helped occasionally by good old government incompetence, has simply drawn a larger lesson from its financial business rules: To reduce the worth of personal banking and ID data, simply flood the market with it.

    I see this as a bold new front in the war against cyber crime and ID theft. Virgin customers should thank their lucky stars they had the good fortune to do business with such a forward-thinking organisation.

  29. ImaGnuber

    RE: Another one...

    "Bets are on for the first one of next week, who is it going to be?"

    Hmm... The Reg could start a little game... used Reg coffee cup or something to the one who gets the next company right... employees of said company not eligible for obvious reasons.

    Identity of winner to be kept on a CD which will then be 'lost'. Winner can claim secondary prize (tinfoil hat, soggy foot?) if CD turns up on eBay.

  30. amanfromMars Silver badge
    Alien

    New Games... Novel Players

    "Virgin Media emphasised the blunder had been "isolated" and had never happened before. The staff involved in the incident are subject to the internal inquiry."

    Can it happen again though? Of course it can. IT is a New Underground Industry..... Info for Mutual Intelligence.

  31. Chris C

    Never happened before

    "Virgin Media emphasised the blunder had been "isolated" and had never happened before. The staff involved in the incident are subject to the internal inquiry."

    Statements like that always make me laugh. How can they say, with complete certainty, that this has never happened before? I believe what they meant to say is that they have no knowledge of this happening before. Big difference. Using their logic, I can say that none of my past clients have switched to in-house support, simply because I have no knowledge of it happening. I may not have any knowledge of it happening, but that doesn't make it true.

  32. James O'Brien
    Joke

    @amanfrommars

    Dear god I think thats the most coherent thing I have ever seen you say. Is the world coming to an end?

    On a side note, My vote for who will lose data next week will be the Parliament there.

  33. The March Hare
    Thumb Up

    Data-A-Tron (TM) aka the Tragic Roundabout

    @ImaGnuber

    I vote for the NHS to mislay something (no, not a soggy foot either - b*st**d! me beer shot out me nose when i read that!)

    thumbs up for a damn fine idea....!

  34. George Johnson
    Thumb Up

    It's nothing new anymore, is it?

    Another lost set of data, another day. It's nothing new for companies to simply pack up data onto a CD and oops! "Sorry, but we lost it, oh dear, never mind!". Everytime some more data gets lost, we care a little less, just another lost set of data.

    Sooner or later the government won't have to bother with a 1984 style DB to track us, they simply need to go down to the Royal Mail lost and found dept and demand all the data CDs/DVDs that have been "lost in transit", copy off the data.

  35. amanfromMars Silver badge
    Alien

    Men or Mice ....Speak up.

    "@amanfrommars ... Dear god I think thats the most coherent thing I have ever seen you say. Is the world coming to an end?" .... By James O'Brien Posted Friday 20th June 2008 18:53 GMT

    And do you agree, James, that New Information is Virtually Real Powerful Future Control for CyberIntelAIgents?

    A Simple Question hereby also asked of ...... well, Mankind actually. Does it have an IT Voice which speaks the Truths as they are for All or is it Silent rendering Unnecessary Shame and Complicit Blame?

  36. Anonymous Coward
    Anonymous Coward

    Is everyone ignoring the message of the film:

    Johnny Mnemonic - you are meant to use highly trained, and highly skilled data couriers, not some little oik who knows how to use Nero.

    It is not as if the US Military are any better either, everyone remember their USB fiasco.

    No one gets done for this? I consider this 'a hacking offense', this is how crackers operate, where is the 38 years in jail for these crimes. These are data breaches with full intent, someone copied the data and then failed to secure it. They have now distributed the data in a random fashion, much like a cracker would.

    How about they get done for the same crime. And how about we get headlines that read: "Insider hacker 'loses' yet another disk of data".

    People without the requisite knowledge to handle other people's data should be scared to try, they should feel the fear, and not be so damn lacksidasical about it all.

  37. This post has been deleted by its author

  38. James O'Brien
    Happy

    @Men or Mice ....Speak up.

    Thank god its back to status quo here. I was worried for a few when I understood you :)

  39. tim

    Its not lost data

    Just burn another one!

  40. Paul Barnett

    types of risk

    > Its about time two things happened:

    >.....

    > 2) journos learned the difference between a potential and actual risk. ..

    > .......

    Ok, I'll bite. what exactly is the difference between a potential and actual risk?. Or are they just fancy ways of saying high risk and low risk?

  41. Martin Nicholls
    Boffin

    Conspiricy theories..

    "The Wayne Madsen Report in the USA, available only on subscription, is compiling a list of all the instances of lost data, CDs and laptops in the US. The problem there is huge, with thousands of people having their data taken. Madsen suggests that this is a government scheme to populate their database of citizens surreptitiously. Looks as if the same method is being used here in the UK."

    Erm?

    "Madsen is a member of the 9/11 Truth Movement in that he subscribes to the opinion that elements within the Bush administration either let the September 11 attacks happen, or made them happen on purpose." (wikipedia)

    Crazy wackjob consipiricy theorists are /not/ reliable sources for anything.

    The idea that all of a sudden loosing 3k random customer's data here, 10k there and 300 somewhere else is a sensible way of getting data on 66 million people in the UK into a database when they could just ask the IR, the NHS, the DSA or just about any other government agency with useful levels of coverage for the same data and more, or even take it from them, is completely absurd.

    This kind of loss has always happened, I've seen it before and they just sit on the information or at best contact the people involved. These days they publicise it or somebody leaks it out.

  42. Whitefort

    Why does NOBODY use encryption?

    (except maybe terrorists and criminals?)

    These days encryption is dead easy - download something like Truecrypt, walk through the easy wizard, and you can put state-of-the-art encryption on anything from a single file to a whole drive. It takes a few minutes.

    I use it on my pen-drives in case I lose one. I use it on CDs of data. I'm a PC user, not a PC guru, but I can do this stuff because it's EASY. So how come governments and companies like Virgin are continually losing stuff that just anybody can read?

  43. Malcolm Yeo
    Joke

    Virgin Losses

    Virgin Media couldn't possibly send the data via the internet, their network got throttled back by the IT guys who only meant to slow down the paying customers but hit the global button instead DUH!

  44. regadpellagru
    Paris Hilton

    Time for ...

    a whole new category of articles at El Reg ?

    Like "Personnal data loss". Honest, you need it.

    Maybe with a hall of shame. HMRC will be hard to beat, but who knows ?

    Paris cos her very personnal details have been exposed also.

  45. Anonymous Coward
    Unhappy

    when it was cable & wireless

    It (basic TV) seemed to work OK - I had a STB and got all the channels on the basic package. However over a period of time the TV channels disappeared, I was only able to receive Beeb 1 through Channel 5, which is what I was receiving (on soon to be defunct) analogue. When NTL came along the other channels came back and I watched them. However, when the purple UI came out the channels disappeared again. I called out an engineer who ran several diagnostic tests the STB. He then disappeared outside to the green box, which he said was the problem. Apparently it wasn't pumping enough signal out - due to its location he said that this was a permanent thing. So I permanently fired it off. That said though, I'd get ready for all your TV stuff to disappear - I've got friends living not too far away that have had the same problem with Freeview and Sky+/-. Why should us punters pay for stuff that we can't get or use?

  46. Anonymous Coward
    Anonymous Coward

    Has anybody...

    ... checked the lost property office at Network Rail?

  47. Anonymous Coward
    Flame

    Big news ?

    This is a spit in the ocen compared to all the data loss thats actually happening. Theres loads of data going around thats not ending up where it should be, and theres a multitude of reasons for that not just one single issue.

    Your info is flying about everywhere........... get over it already !!!

This topic is closed for new posts.

Other stories you might like