Via Heise Security -
Virgin Media has disclosed that an unencrypted CD containing personal details of around 3000 customers went missing on 29 May.
Normally, Virgin uses encrypted FTP to transfer files between offices, but in this case an unnamed member of staff burned the data onto a CD instead. It is not clear whether the CD was sent by commercial carrier or by internal messenger between two of the media giant's offices, but it never arrived at its destination. The Office of the Information Commissioner has been informed, and the member of staff has apparently been identified and is being "dealt with". Virgin has described the loss as an "isolated incident", has undertaken to contact all affected customers, and is apparently reviewing its security policies and procedures.
Customers at risk would have signed up to Virgin services in Carphone Warehouse stores from January 2008.
No comments:
Post a Comment