fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Cox Discloses Data Breach After Hacker Impersonates Support Agent

Cox Discloses Data Breach After Hacker Impersonates Support Agent

Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information.

Cox Communications, aka Cox Cable, is a digital cable provider and telecommunication company that provides internet, television, and phone services in the USA.

This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.

There are not a lot of details about the security incident, but the hacker likely used a social engineering attack to gain access to Cox internal systems that provided information about customers.

Also Read: 5 Most Frequently Asked Questions About Ransomware

“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident,” reads the data breach notification signed from Amber Hall, Chief Compliance and Privacy Officer of Cox Communications.

“After further investigation, we discover that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”

COX data breach notification letter
COX data breach notification
Source: BleepingComputer

In summary, the data breach exposed the following sensitive information for affected customers:

  • Name
  • Address
  • Telephone number
  • Cox account number
  • Cox.net email address
  • Username
  • PIN code
  • Account security questions and answers
  • and/or the services customers receive from Cox.

While Cox does not state that financial information or passwords were accessed, they are advising affected customers to monitor their financial accounts and to change passwords on other accounts using the same one as the Cox customer account. 

Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?

Cox is offering affected customers a free one-year Experian IdentityWorks that can be used to monitor credit reports and detect signs of fraudulent activity.

In a statement to BleepingComputer, Cox said that they have reported the incident to law enforcement and that it only affected a small number of customers.

“The security of the services we provide to customers is a top priority. A recent security incident impacted a small number of customer accounts. We promptly launched an investigation and took steps to secure the affected accounts and have implemented additional security controls to further safeguard their information. We are working with law enforcement and have notified all impacted customers.” – Cox.

When we asked further questions regarding the number of affected customers and how the breach took place, we did not receive a response.

Media conglomerate Cox Media Group suffered a ransomware attack in June 2021 that took down live TV and radio broadcast streams. The ransomware attack and this incident do not appear to be related.

What should Cox Communications customers do?

If you are affected by this data breach or are simply concerned about the safety of your Cox account, you should perform the following steps:

  • Immediately change the password and account security questions/answers on your Cox account.
  • Be on the lookout for phishing emails pretending to be from Cox that are designed to steal your login credentials.
  • Enable 2-factor authentication for your Cox accounts to make it harder for threat actors to log in to your account.

Once again, while Cox did not disclose that financial information was accessed by the threat actor, due to the amount of data exposed, all affected customers should monitor their credit reports for unusual activity.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us