Cox Communications, the third-largest cable operator in the United States, has sent notifications to customers who have been affected by a recent data breach. According to the company, the hacker gained access to its systems by posing as a support representative.
A copy of the notification shared by Lawrence Abrams of Bleeping Computer reveals that Cox became aware of the attack on October 11.
This is the second incident related to a Cox business in the past six months. In June, Cox Media Group (CMG) suffered a ransomware attack that took TV and radio broadcasts offline.
Notification of violation does not not state when the violation actually occurred, although it is possible that the information was not yet known at the time the notifications were sent. Cox also notes that the accounts concerned have been secured, that an investigation has been opened and that the police were informed on the day of the discovery of the attack.
Customers have been told that the attacker “may have viewed” private details of their accounts. This data potentially includes the customer’s Cox account number, access PIN, security questions and answers, list of active Cox services, Cox.net email address, name, address and telephone number.
It doesn’t appear that customers’ financial information has been compromised, although Cox still advises those affected to carefully examine their payment card statements for fraudulent transactions.
Cox customers who have received a notification also undergo a year of Experian identity monitoring to “allay concerns and restore trust.”
The company also advises users to change their password if they have reused their Cox password with another website or service provider. This is good advice even if you does not have receive a violation notification.
that’s good advice even if you are not a Cox customer. Reusing passwords increases the risk of your accounts being hacked.
It is always best to use strong, unique passwords. A modern password manager also makes the process easier, whether it’s built into your web browser or a standalone service you pay for like 1Password, LastPass, or Dashlane.