The breach was reported in August 2014 and exposed customer data including names, e-mail addresses and driving license numbers. Even though there was nothing serious about the incident, the FCC has taken action to deter other service providers from falling into the same trap in future.
The settlement comes more than a year after the breach occurred. In a statement on the settlement, Enforcement Bureau Chief Travis LeBlanc said it was a huge breakthrough. “Cable companies have a wealth of sensitive information about us, from our credit card numbers to our pay-per-view selections,” the statement read in part.
“This investigation shows the real harm that can be done by a digital identity thief with enough information to change your passwords, lock you out of your own accounts, post your personal data on the web, and harass you through social media. We appreciate that Cox will now take robust steps to keep their customers’ information safe online and off.”
The law required Cox to report the incident within seven days, but it did not, and that attracted the wrath of the FCC. It was later discovered that a hacker managed to access Cox systems through a phishing attack on a company customer service representative and contractor. ZDNet reported that, as part of the settlement deal, Cox Communications will be required to adopt a comprehensive compliance plan that includes an information security program with annual system audits.
There should also be visible internal threat monitoring, penetration testing, and additional breach notification systems and processes to protect customers’ personal information and proprietary network information. The Enforcement Bureau will keep a close check on compliance for the next seven years.