Plus Pages

Monday, December 13, 2021

Report: Cox Hacker Posed As Support Tech


Cox Communications, the third-largest cable provider in the U.S., has sent notifications to customers who were impacted by a recent data breach. According to the company, the hacker gained access to its systems by impersonating a support rep.

This is the second incident related to a Cox company in the past six months. In June, Cox Media Group (CMG) suffered a ransomware attack that knocked TV and radio broadcasts offline.

Forbes reports the breach notification does not mention when the breach actually occurred, though it’s possible that information was not yet known at the time the notifications were sent out. Cox also notes that impacted accounts were secured, an investigation was launched and law enforcement officials notified on the day the attack was discovered.

Customers were notified that the attacker “may have viewed” private details of their accounts. That data potentially includes the customer’s Cox account number, access PIN, security questions and answers, list of active Cox services, Cox.net email address, name, address and telephone number.

It does not appear as though customer financial information was compromised, though Cox is still advising that those impacted carefully review their payment card statements for fraudulent transactions.

Cox customers who received a notification are also being a year of identity monitoring from Experian to “relieve concerns and restore confidence.”

The company is also advising that users change their passwords if they have re-used their Cox password with another website or service provider. That’s good advice even if you didn’t receive a breach.

It’s good advice even if you’re not a Cox customer. Re-using passwords puts your accounts at greater risk of being compromised.

Using strong, unique passwords is always best. A modern password manager makes the process easy, too, whether it’s built into your web browser or a standalone service that you pay for like 1Password, LastPass, or Dashlane.

No comments:

Post a Comment