Help and advice on Virgin Media's data incident


What happened?

We recently became aware that some personal information, stored on one of our databases has been accessed without permission. Our investigation is ongoing and we have contacted affected customers and the Information Commissioner’s Office.

The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth. Please note that this is all of the types of information in the database, but not all of this information may have related to every customer.

Those affected will receive an email from email@em.virginmedia.com, so please check your spam filters to ensure you can receive it.

To reassure you, the database did NOT include any passwords or financial details, such as bank account number or credit card information.

We take our responsibility to protect personal information seriously. We know what happened, why it happened and as soon as we became aware we immediately shut down access to the database and launched a full independent forensic investigation.


The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details (such as name, home and email address and phone numbers), technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth. Please note that this is all of the types of information in the database, but not all of this information may have related to you.


We’ve contacted all the affected individuals with the advice on what to do next. For clarity, no financial details or passwords were included in the database which was accessed.

Identity theft is when someone uses someone else’s personal information to obtain goods, services or money without permission. Examples of identity theft include taking out a credit card or ordering products in someone else’s name. In this case, no financial details or passwords were included in the database which was accessed. However, if you think you have been the victim of identity theft, you should:

Contact Action Fraud if you think that a fraud has been committed at www.actionfraud.police.uk

No passwords were contained within the database. However it is always a good idea to make sure that your passwords are strong and not easy to guess. We have created a help page with advice on how to set a strong password

This is called phishing, which is when people try to persuade you to give them your personal information, often through an email or phone call. Please remember:

  • If you ever receive a call claiming to be from Virgin Media that you don’t trust, please hang up and report it to us straight away

  • Please remember, you should never disclose any sensitive information over email, including banking details, and we will never ask you to do so.

  • If you receive an email that you are concerned about, don’t click on any links, open any documents or reply to it.

You can get some more advice here:

www.getsafeonline.org/protecting-yourself/spam-and-scam-email/
www.virginmedia.com/help/what-is-phishing

You can get advice on how you can avoid or report nuisance marketing calls, emails and texts from the Information Commissioner's Office. It has information online at ico.org.uk and via its helpline on 0303 123 1113. You can also find further information on the Telephone Preference Service website where you can opt out of unwanted sales or marketing calls.

If having read this information and you still have questions, you can contact us on 0800 052 2621, but please be aware our customer service advisors do not have any further information at this stage.

Once again, we sincerely apologise for what has happened.

No, this was not a cyber-attack.

No, our database was not hacked.

Certain sources are referring to this as a data breach. The precise situation is that information stored on one of our databases has been accessed without permission. The incident did not occur due to a hack but as a result of the database being incorrectly configured.

We take our responsibility to protect your personal information seriously. We know what happened, why it happened and as soon as we became aware we immediately shut down access to the database and launched a full independent forensic investigation. We have also informed the Information Commissioner’s Office.

No financial details, such as bank account number or credit card information, were included in the database.

However, if you think you have been the victim of identity theft, you should inform your bank, building society and credit card company of any unusual transactions you see on your statement, or any information you receive about applications made in your name.

Log in to your account: My Virgin Media > | Mobile My Account >

*For call costs to our team from a Virgin Media home phone, visit virginmedia.com/callcosts. Call costs from other networks and mobiles may vary.


What do I need to do?

We’re currently contacting those affected to inform them of what happened. We understand that you might be worried about this incident. We’ve set out some guidance below and given you helpful links to more resources online.