Cox settles with FCC over customer privacy breach

Cox, the third-largest cable company in the U.S., has agreed to pay $595,000 to settle charges with the Federal Communications Commission over a breach of customers' personal information last summer.

The FCC touted the fine as the first privacy action the agency's enforcement bureau has taken against a cable operator. Cox provides cable TV, broadband Internet and landline phone service. 

ADVERTISEMENT

The FCC had been investigating whether the telecom company failed to properly protect customer information and accused it of failing to notify the FCC quickly enough.

"This investigation shows the real harm that can be done by a digital identity thief with enough information to change your passwords, lock you out of your own accounts, post your personal data on the web, and harass you through social media," the FCC's enforcement head, Travis LeBlanc, said in a statement. 

The settlement will also force Cox to develop a more robust security plan and provide affected customers with free credit monitoring, which the company has already reportedly done. 

The August 2014 breach occurred when a Cox customer service representative and Cox contractor unwittingly helped a hacker gain access to a portal containing customer information. The hacker, part of the so-called Lizard Squad, convinced the employees to enter their company password information into an insecure website by posing as someone from Cox's IT department. 

The breach allowed access to customers' physical addresses, email addresses, phone numbers, as well as partial Social Security and driver's license numbers. 

The consent degree notes that at least 40 customers were affected, by either having their information posted online or having their account information changed. The FCC noted that a number of those affected were telephone subscribers. 

Under the law, telecommunications carriers must take reasonable precautions to protect customer information, and they must report improper disclosures to the FCC within a week. Cable operators are also under similar obligations. 

The FCC is in the process of drafting new proposed rules about the privacy responsibilities of Internet service providers. The agency's role in protecting broadband customers’ information remains unsettled, however, under the net neutrality order approved earlier this year.