Virgin Media joins the latest in the ever increasing group of companies and agencies companies who have lost personal data.
Virgin has stated that they have lost the the bank details of 3000 new customers.
All the customers who have had their data lost have been have been offered “credit file protection”, so that their accounts will be watched more closely and “automatic indemnity” – if a theft/fraud does occur on their account.
The data, as with other peices of media, was on an unencrypted CD which was lost during transfer, by hand, between Virgin Media offices on 29 May 2008
Apparently the Virgin Media policy states that customer data must be encrypted and transferred by FTP, and not copied onto media. What this shows is that while the policy may be correct people can, and do, avoid the policies.
There should be systems in place to prevent this occurring. There is dedicated software to prevent exactly this, and hardware solutions are even easier – remove the CD/DVD and USB ports from the machine that connects to all of the customer databases.
Under the Section 55 of the Data Protection Act this can be considered an criminal offence