The customers’ details have been removed from the website on which they were published.
Details of more than 3,000 customers or potential customers of Bluebox Broadband have been published online.
It is currently unknown who is responsible for the leak of names, email addresses and phone numbers.
Scott McClelland, managing director of the Londonderry-based broadband provider, said it had strict data protection policies in place.
The company has contacted all of those it believes were affected by the breach and apologised to them, he added.
A spokesperson from the Information Commissioner’s Office, which is responsible for upholding information rights, said it was aware of the incident and was making inquiries.
Obtained
The leak comes in the wake of the recent TalkTalk privacy breaches.
The details of Bluebox Broadband customers were published on an online notice board on Thursday.
The company said the information had been obtained from a server that had been used for registering online interest in the firm’s services.
No financial information was held on the server, Mr McClelland said.
He added that the server was immediately shut down and the incident reported to the Police Service of Northern Ireland’s cyber-crime unit.
Lessons
The customers’ details have been removed from the website on which they were published.
“At Bluebox we have always taken security very seriously and this incident is the first time anything like this has ever occurred in the 10 years since we began providing internet services,” Mr McClelland said.
“While no significant customer information has been exposed, we will be working with independent experts to learn lessons and take all steps necessary to prevent anything like this happening in the future.”
Prof Alan Woodward, a security expert from the University of Surrey, said the data available would not be enough to allow for identity fraud.
“Something like this is what you would call a partial breach,” Prof Woodward said.
Vulnerable
“The most likely thing that would happen is it would be sold to scammers on the black market.
“Then scammers would phone up the mobile number saying they’re from that company.”
Prof Woodward said people could be vulnerable to scams.
“People can get sucked in quite easily and we all think we won’t fall for it, but we all do,” he said.
“We’re all subject to the same social engineering.
“I imagine that this sort of information could be used for that sort of scam.”
Prof Woodward said it is “absolutely is the company’s responsibility” to protect customers’ data.
Source: http://www.bbc.co.uk/
