Cox Communications

"Recently, the Enforcement Bureau of the Federal Communications Commission (FCC) entered into a settlement with Cox Communications (Cox) resolving an investigation into whether the cable operator failed to properly protect its customers' personally identifiable information (PII) when its electronic data systems were breached in 2014. Cox is the third-largest cable television provider and the seventh-largest telephone carrier in the United States with over six million subscribers. This settlement presents the FCC's first privacy and data security enforcement action with a cable operator, echoing steps the FCC has recently taken against telecommunications providers to regulate and enforce privacy and cybersecurity breaches.The BreachCox's electronic data systems were breached in August 2014 by a hacker using the alias "Evil Jordie," a member of the band of teenage cybercriminals known as the Lizard Squad. Evil Jordie simply called Cox and posed as a member of Cox's information technology department. He convinced both a Cox customer service representative and a Cox contractor to provide him with their account IDs and passwords and enter them into a "phishing" website."With those credentials, the hacker gained unauthorized access to Cox customers' personally identifiable information, which included names, addresses, email addresses, secret questions/answers, PINs, and in some cases partial social security and driver's license numbers of Cox's cable customers, as well as Customer Proprietary Network Information (CPNI) of the company's telephone customers," the FCC said. "The hacker then posted some customers' information on social media sites, changed some customers' account passwords, and shared the compromised account credentials with another alleged member of the Lizard Squad."