In the first such case against a U.S. cable company, federal regulators are slapping Cox Communications with a $595,000 fine after Cox allowed hackers from Lizard Squad to penetrate its systems and steal private customer information.
By posing as an IT administrator and tricking a couple of Cox employees into giving up their login credentials, a hacker known as "EvilJordie" broke into Cox's databases and gained access to customer names, addresses, password recovery information and even "partial" Social Security numbers and driver's license numbers, according to the Federal Communications Commission. They also got hold of some customers' telephone records.
As many as 61 current or former Cox customers were affected by the breach, which occurred between Aug. 7 and Aug. 14 of 2014. The hackers changed 28 of these customers' passwords, locking them out of their own accounts, and posted eight people's personal information on social media.
"We take our responsibility to protect our customers’ personal information very seriously," said Cox in a statement Thursday. "While we regret that this incident occurred, our information security program ensured that we were able to react quickly and limit the incident.… We will continue to enhance our privacy and information security programs to protect the personal information that is entrusted to us."
You may remember Lizard Squad as the group that breached Sony's internal network, tweeted a bomb threat to American Airlines and disrupted Xbox and Playstation owners' Christmases last year.
Cox has around 6 million customers nationwide. But although the hack ultimately resulted in relatively few people's information being compromised, the hackers' stolen login credentials gave them the ability to monitor and manipulate a potentially huge range of data. By coming down on Cox, the FCC is offering another sign that the it is looking to police data breaches more closely.