FCC obtains USD$595,000 settlement for telco privacy breach

The Federal Communications Commission (FCC) has obtained a USD$595,000 settlement from Cox Communications (the third-largest cable company in the United States) for a privacy breach.

In August 2014, a hacker gained access to Cox systems containing customers’ personal information by pretending to be from Cox’s IT department and convincing a Cox customer service representative and a Cox contractor to enter their account details into a “phishing” website controlled by the hacker. The Cox system in question did not have technical safeguards, such as multi-factor authentication, to prevent the compromised credentials from being used to access the personal information.

Cox will also be required to improve its privacy and data security practices by:

  • designating a senior corporate manager who is a certified privacy professional,
  • conducting privacy risk assessments,
  • implementing a written information security program,
  • maintaining reasonable oversight of third-party vendors,
  • implementing a data breach response plan, and
  • providing privacy and security awareness training to employees and third-party vendors.

Link (FCC): FCC consent order