[BreachExchange] Not on TV: Cox Communications hacked

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Dec 13 14:33:21 EST 2021


https://www.digitaljournal.com/tech-science/not-on-tv-cox-communications-hacked/article


Cox Communications has disclosed a data breach after a hacker impersonated
a support agent to gain access to customers’ personal information. The data
breach exposed sensitive information held by the cable television provider,
like customer addresses, account numbers, email addresses, PIN codes and
more.

According to Cox: “On October 11, 2021, Cox learned that an unknown
person(s) had impersonated a Cox agent and gained access to a small number
of customer accounts. We immediately launched an internal investigation,
took steps to secure the affected customer accounts, and notified law
enforcement of the incident” (as reported by Bleeping Computer).

While Cox does not state that financial information or passwords were
accessed, they are advising affected customers to monitor financial
accounts. These notifications went out during December 2021.

Looking into the matter for Digital Journal is Matt Sanders, Director of
Security at LogRhythm.

According to Sanders, the incident “serves as a reminder that data breaches
can happen in many ways, and often are the result of human error.”

An example of human error is the ‘attention gap’, where something within
the external environment (such as noise, light, vibration, etc.)
distracts the individual. This is sometimes associated with the performing
of familiar tasks that require little conscious attention. These
‘skill-based’ errors will occur if attention is diverted, even momentarily.

In relation to cybersecurity and data breach incidents, Sanders finds:
“Social engineering tactics like impersonating trusted colleagues or
partners have proven highly successful time and again.”

So, what are the implications for Cox? Sanders identifies these as: “Now
that the hacker(s) are armed with a high volume of personally identifiable
information (PII), Cox customers are at risk of additional phishing emails
and other forms of fraud at the hands of threat actors.”

In terms of the best response by those impacted by this nefarious activity,
Sanders recommends: “Customers should ensure they are using security best
practices such as updating their passwords and leveraging two-factor
authentication to protect their accounts.”

As for businesses like Cox, there are lessons to be learned from the
incident. Sanders presents these as: “In order to quickly detect and
neutralize security threats such as this one, it is essential for
organizations to have the proper controls in place, and to also provide
training to employees to better help them identify suspicious or fraudulent
emails.”

Sanders’ final recommendation runs: “Detection and response capabilities,
authentication and access controls, and real-time monitoring and visibility
are crucial to protecting valuable customer data.”