The Federal Communications Commission (FCC) has entered into a $595,000 settlement agreement with Cox Communications to help resolve an ongoing investigation.
The investigation is touching on whether the company failed to protect its customers’ personal information when it suffered a data breach last year. This is the first privacy and data security enforcement action that the FCC Enforcement Bureau has brought against a cable operator. The National Law Review reported the agreement that could be an industry trend setter.
In their investigation, the bureau came to a conclusion that Cox’s electronic data systems were actually breached in August 2014 by a hacker who pretended to represent the company’s IT department. Their findings show that the hacker was able to convince a Cox customer service representative and a Cox contractor to enter their account IDs and passwords into a phishing website.
The damning findings now put Cox into a tight corner as far as preservation of their customers’ private information is concerned. “The hacker gained access to data including cable customer names, addresses, email addresses, and partial Social Security and driver’s license numbers and telephone customers’ Consumer Proprietary Network Information (CPNI),” part of their findings say.
“The hacker — a member of the “Lizard Squad” hacker group — posted some of this personal information on social media sites, changed customer account passwords, and shared the compromised account credentials with another alleged member of the Lizard Squad.” Cox was found guilty of having put no measures in place to cushion customers from the breach at the time it happened.
It is part of the legal requirements that every Telco company in America puts in measures for protecting customers and their personal information. In addition to the $595,000 civil penalty, the settlement also requires Cox to adopt a comprehensive compliance plan that FCC will closely monitor for seven years.