"Based upon our investigation, Virgin Media does believe that the database was accessed on at least one occasion
Is makes me think you really don't know how many times people have accessed it. I quick point though, it only takes one occasion to spill the info.
Turgensec also quibbled with the ISP's attempt to blame the security blunder on IT workers “incorrectly configuring” an internet-facing database. Rather, the database – which was filled with unencrypted plain-text records – was a sign of "systematic assurance process failure," Turgensec said.
Incorrectly configured public facing site = very stupid
Plain text records = FFS
Unencrypted = #Captainpicarddoublefacepalm