Cox Discloses Data Breach After Hacker Impersonates Support Agent (bleepingcomputer.com) 16
Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers' personal information. BleepingComputer reports: This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that "unknown person(s)" impersonated a Cox support agent to access customer information. "On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident," reads the data breach notification signed from Amber Hall, Chief Compliance and Privacy Officer of Cox Communications. "After further investigation, we discover that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox."
While Cox does not state that financial information or passwords were accessed, they are advising affected customers to monitor their financial accounts and to change passwords on other accounts using the same one as the Cox customer account. Cox is offering affected customers a free one-year Experian IdentityWorks that can be used to monitor credit reports and detect signs of fraudulent activity.
While Cox does not state that financial information or passwords were accessed, they are advising affected customers to monitor their financial accounts and to change passwords on other accounts using the same one as the Cox customer account. Cox is offering affected customers a free one-year Experian IdentityWorks that can be used to monitor credit reports and detect signs of fraudulent activity.
Re: (Score:2)
Re: (Score:2)
Yes.
So I don't know how having the account details for a few socially-engineered normal accounts could lead them to be elevated to a point they can see details of OTHER accounts. That is the part that makes no sense.
Re: (Score:1)
It's real simple. Then the scammer calls an actual customer support agent and then proceeds to "prove" they're really staff by apparently listing off several private database records then gets said unwitting accomplice to reset their password with some lie that may not be any more clever than the phone operative at the other end of the call. If you think these companies bother with tiered access for their staff you're crazy. They just give the root password to every employee because then they can lay off
Re: (Score:2)
That makes no sense. Phishing a customer is not a data breach. They must have phished someone inside the company.
Customers became suspicious when... (Score:5, Funny)
Customers became suspicious when the found the support person they were talking to was actually helpful.
Management was clued in with positive reports and had to immediately take action.
It must be said... (Score:2)
It appears some customers' private business was penetrated by fake Cox.
cable co's have way to many subcontracted workers (Score:2)
cable co's have way to many subcontracted workers and 3rd party outsourced workers.
When you have cable techs with clip on name plates for there trucks it's hard to know if there are really an tech or some scammer.
Phishing and scam calls are common (Score:2)
Official agents can be bad too... (Score:2)
... They have access to juicy records. I have had one that wanted me to log in third party web sites which were suspicious to me. Agent said not to worry, but I didn't trust that agent so I stopped chatting. I really wished companies use their own domains to be trust worthy instead of using third parties.