Virgin Media is conducting an internal inquiry into why 3,000 customers' bank details were burned to a CD which was then lost, it emerged today.
The incident came to light inside the company on 29 May. Virgin Media is part way through individually contacting the people affected, who all signed up in Carphone Warehouse stores nationwide from January this year.
A company spokesman told The Register that transferring sensitive data customer on CD goes against its policy of using secure FTP tranfers. The data on the CD was not encrypted and also included names and home addresses.
Virgin Media emphasised the blunder had been "isolated" and had never happened before. The staff involved in the incident are subject to the internal inquiry.
The firm contacted the Information Commissioner's Office when it discovered the loss and took its advice on how to inform customers. It is paying for credit file protection for everyone whose banking information is now out in the wild, which means any fraud will be indemnified and credit histories will be unaffected.
While the financial cost to customers will be zero, and negligible for Virgin Media, the embarrassment should be massive. Public awareness of the dangers of data loss remains high in the wake of last year's HMRC debacle and its many sequels, and if we can't trust a network operator to shift information securely then who can we? ®