Hackers in Cox Communications Data Breach Impersonated Company’s Support Agent to Access Customer Information

Atlanta-based digital cable television, internet, and phone services provider Cox Communications has disclosed a data breach that exposed customer information.

Cox said it learned on October 11, 2021, that a hacker impersonated a support agent and gained access to some customers’ personal information.

With over 20,000 employees and 6.5 million customers, Cox ranks as the third-largest cable television provider and seventh telephone carrier in the United States.

The October data breach was the second cybersecurity incident, six months after the ransomware attack that affected Cox Media Group (CMG) in June 2021.

Hackers accessed personally identifiable information (PII) in the Cox data breach

Cox Communications said that the hackers impersonated a support agent and accessed customer account information. The hacker accessed the customer’s name, address, telephone number, username, PIN code, Cox account number, Cox.net email address, account security question and answer, and/or the types of digital services subscribed.

“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts,” Cox said.

Subsequently, the company launched an internal investigation, took additional steps to secure the affected customer accounts, and notified the relevant law enforcement agencies.

However, the data breach notification did not clarify whether customers’ financial information or passwords were accessed.

Similarly, the company did not disclose whether the data breach affected its partners’ operations. Usually, threat actors target upstream vendors like Cox to compromise their downstream customers through supply chain attacks.

Although subscribers’ financial information was likely not affected, the company advised its customers to monitor their financial accounts for suspicious activity.

Similarly, they should change their passwords on other online accounts that share passwords with the compromised Cox accounts.

Paul Laudanski, Head of Threat Intelligence at Tessian said the Cox Communications data breach highlighted the risk of password reuse. Additionally, he noted that support…