Hacker impersonating customer support led to a data breach at Cox

Cox
(Image credit: II.studio / Shutterstock)

The cable and telecommunications provider Cox Communications has disclosed a data breach after a hacker was able to gain access to the personal information of its customers by impersonating a support agent.

The company's customers recently began receiving letters in the mail informing them that an unknown person or persons had impersonated a Cox support agent in order access customer information.

Although few details about the extent of the data breach have been released at this time, the hacker likely employed social engineering as a means to gain access to Cox's internal systems.

Once the company learned that a hacker had impersonated one of its support staff, it immediately launched an internal investigation into the matter and notified law enforcement of the incident.

Customer account information

In the data breach notification letter sent out to customers, Cox Communications' chief compliance and privacy officer, Amber Hall explained that some information in customers' accounts may have been viewed by the hacker, saying:

"After further investigation, we discover that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox."

Although Cox has not revealed whether any financial information or passwords were accessed, it is advising customers to monitor their financial accounts. In order to prevent any possible identity theft that may occur as a result of the breach, the company is also offering a free one-year subscription to Experian IdentityWorks to all affected customers.

We'll likely hear more details regarding the data breach once Cox and law enforcement complete their respective investigations but in the meantime, Cox customers should change the password and security questions/answers for their accounts, look out for any phishing emails pretending to come from the company and enable two-factor authentication (2FA) for their accounts. 

We've also featured the best password manager, best identity theft protection and best antivirus

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.