The Federal Communications Commission (FCC) has obtained a USD$595,000 settlement from Cox Communications (the third largest cable company in the United States) for a privacy breach.
In August 2014, a hacker gained access to Cox systems containing customers’ personal information by pretending to be from Cox’s IT department and convincing a Cox customer service representative and a Cox contractor to enter their account details into a “phishing” website controlled by the hacker. The Cox system in question did not have technical safeguards, such as multi-factor authentication, to prevent the compromised credentials from being used to access the personal information.
Cox will also be required to improve its privacy and data security practices by:
- designating a senior corporate manager who is a certified privacy professional,
- conducting privacy risk assessments,
- implementing a written information security program,
- maintaining reasonable oversight of third-party vendors,
- implementing a data breach response plan, and
- providing privacy and security awareness training to employees and third-party vendors.
Link (FCC): FCC consent order