Cox Communications has disclosed a data breach resulting from a hacker gaining customers’ personal information by impersonating a support agent.

According to Bleeping Computer, Cox sent customers a letters saying it learned on Oct. 11 that unknown person(s) impersonated a Cox support agent to access customer information. The hacker likely used a social engineering attack to gain access to Cox internal systems that provided customers’ information.

The Cox data breach exposed affected customers’ names, addresses, telephone numbers, Cox account numbers, Cox.net email addresses, usernames and PIN codes. In addition, account security questions and answers, and services received were exposed.

Cox sent us the following statement:

“The security of the services we provide to customers is a top priority. A recent security incident impacted a small number of customer accounts. We promptly launched an investigation, took steps to secure the affected accounts and have implemented additional security controls to further safeguard their information. We are working with law enforcement and are in the process of notifying all impacted customers.”

Cox wouldn’t say whether the breach is impacting its partners’ operations.

Strong Security Culture Needed

KnowBe4’s James McQuiggan

James McQuiggan is a security awareness advocate at KnowBe4.

“Within organizations that maintain databases containing sensitive information about their customers, a strong security culture must be a significant part of their environment,” he said. “Cybercriminals will continually attempt to leverage the human nature of seeking help and curiosity to gain access to organizations.”

Organizations need to educate users to trust and verify who they are speaking with based on the phone number stored in the corporate directory, and initiate a call back when sharing sensitive information or accessing any systems, McQuiggan said.

“It may be an inconvenience and take a few extra minutes, but that can prevent damage to the organization’s brand and potential loss of revenue,” he said.

Mundane, Day-To-Day Operations Root Cause of Most Breaches

Cerberus Sentinel’s Chris Clements

Chris Clements is vice president of solutions architecture at Cerberus Sentinel.

“There have been several similar breaches that have occurred the past few years due to compromise of internal helpdesk systems, Twitter being the most notable incident,” he said. “I believe these point to widespread failures to account for all potential threat vectors when forming an overall security strategy. We like to imagine the sexy big time attacks like the SolarWinds breach a year ago. But the reality is that it is far more common that the mundane, day-to-day operations we become oblivious to are the root cause of most security incidents.”

For example, the most dangerous things people do every day on their computers are email and web browsing, Clements said. However, the banality of those things mean people don’t feel at heightened risk when doing those things.

“Similarly, an organization’s helpdesk often has broad access to user accounts for troubleshooting and can cause catastrophic damage if compromised by an attacker,” he said. “It’s therefore critical that every organization analyze potential threat vectors to helpdesk and other support functions to ensure an attack can’t easily leverage those avenues.”