Cox discloses data breach after hacker impersonates support agent

Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information.

Cox Communications, aka Cox Cable, is a digital cable provider and telecommunication company that provides internet, television, and phone services in the USA.

This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.

There are not a lot of details about the security incident, but the hacker likely used a social engineering attack to gain access to Cox internal systems that provided information about customers.

“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the data breach notification signed from Amber Hall, Chief Compliance and Privacy Officer of Cox Communications.

“After further investigation, we discover that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”

In summary, the data breach exposed the following sensitive information for affected customers:

• Name
• Address
• Telephone number
• Cox account number
• Cox.net email address
• Username
• PIN code
• Account security questions and answers
• and/or the services customers receive from Cox.

While Cox does not state that financial information or passwords were accessed, they are advising affected customers to monitor their financial accounts and to change passwords on other accounts using the same one as the Cox customer account. 

Cox is offering affected customers a free one-year Experian IdentityWorks that can be used to monitor credit reports and detect signs of fraudulent activity.

In a statement to BleepingComputer, Cox said that they have reported the incident to law enforcement and that it only affected a small number of customers.

“The security of the services we provide to customers is a top priority. A recent security incident impacted a small number of customer accounts. We promptly launched an investigation and took steps to secure the affected accounts and have implemented additional security controls to further safeguard their information. We are working with law enforcement and have notified all impacted customers.” – Cox.

When we asked further questions regarding the number of affected customers and how the breach took place, we did not receive a response.

Media conglomerate Cox Media Group suffered a ransomware attack in June 2021 that took down live TV and radio broadcast streams. The ransomware attack and this incident do not appear to be related.

What should Cox Communications customers do?

If you are affected by this data breach or are simply concerned about the safety of your Cox account, you should perform the following steps:

• Immediately change the password and account security questions/answers on your Cox account.
• Be on the lookout for phishing emails pretending to be from Cox that are designed to steal your login credentials.
• Enable 2-factor authentication for your Cox accounts to make it harder for threat actors to log in to your account.

Once again, while Cox did not disclose that financial information was accessed by the threat actor, due to the amount of data exposed, all affected customers should monitor their credit reports for unusual activity.

Source: https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/