Cox Communications has notified customers of a data breach, a breach it suffered at the hands of a hacker posing as a support agent.
Social engineering remains of the most successful attack vectors for hackers to exploit. Regardless of how hardened an organization’s security, the human element is often the weakest.
It appears Cox has learned this the hard way, with a hacker successfully posing as a support agent to gain access to customer information, including highly sensitive information, according to BleepingComputer.
“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the notification, which was signed by Amber Hall, Chief Compliance and Privacy Officer, and obtained by BleepingComputer.
“After further investigation, we discover that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”
Cox doesn’t specifically say financial information was accessed, but the company is advising impacted customers to monitor their financial accounts, and is even offering them one year of free Experian IdentityWorks credit monitoring.
The company has also not disclosed the number of users impacted, but said the breach “impacted a small number of customer accounts.” Cox is working with law enforcement to assist in their investigation.