Virgin Media has been forced to apologise after an erroneous customer service email gave access to hundreds of email addresses held in its database.
The email, which was sent to advise of changes to Google services, allowed anyone that clicked “Reply All” to access everyone on the firm’s mailing list and the UK Information Commissioner’s Office [ICO] is examining if any foul play was involved.
For its part the firm is “investigating exactly what happened,” according to the BBC, and added that the loophole can no longer be exploited by customers that received the message. The error was related to a “sub set” of virgin.net email customers and Virgin Media failed to detail the number of email addresses that are actually affected by the error.
"We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken,” said the ICO, in a statement, after it took a “number of calls” about a “possible data breach” that was caused by Virgin Media releasing the addresses.
Some of those customers that reported the breach to the ICO stated that they had received hundreds of emails that were a mix of spam messages as well as exchanges with other customers that had been affected by the breach.
One such customer was Bob Alexander, 69, who admitted to suffering “a great deal of inconvenience and stress” after being the recipient of some 700 emails, according to the BBC.
Virgin Media added that the problem affected “a small proportion of our customers” and again apologised for the inconvenience caused.
It is the second time in the past 10 years that the ICO has had to take action over a data breach at Virgin Media after it lost a disc holding the unencrypted bank details of customers back in 2008 and a number of security measures were implemented as a result.
Image Credit: Flickr (Elliott Brown)