Virgin Promotion Exposes Customer Details

May 23, 2007: Virgin was left red-faced this week when a basic, easily-thwarted security system on a promotional website left customer details exposed.

According to smh.com.au, thousands of customer names, addresses, dates of birth and phone numbers were potentially exposed during a recent Virgin Mobile/Virgin Blue promotion.

Customers were offered free Virgin Blue flights with the purchase of a new handset and plan, but in order to claim the flights they first had to register their details on the Virgin Mobile website. After which they would be SMS’ed a code to input back into the website to check details and claim the flight.

The problem was, the code was the only thing required to access the details and it was sequential. So, a customer could take their code, change the last digit at access another’s details without a security check.

A Virgin spokesperson told the SMH that the problem has now been resolved by requiring the code and the correct surname to continue.

Virgin claims that only 50 customers have been affected by the breach.

Comment on this story