US cable operator Cox Communications has with the regulator FCC reached a settlement of the equivalent of more than 500,000 euros last year after an attacker via social engineering access to the customer database and managed to get some of the customer data placed online.
The attacker approached a customer service representative and a provider of Cox and did thereby posing as an employee of the IT department. In both cases, he asked to log on to a phishing site, which also took both victims. With these credentials the attacker got access to the customer database, including names, email addresses, secret questions and answers, PINs and partial social security numbers and drivers license numbers.
Some of the information was then placed by the attacker on the Internet. The FCC then started an investigation or the cable company did have secure customer data. This showed that the systems are not applied measures that could mitigate the impact of the stolen credentials. Cox has now reached a settlement and will pay $ 595 000 and all affected customers still inform about the attack, which took place last August. The security has been tightened. The US cable operator has about 6 million customers.
No comments:
Post a Comment