Cable television provider Cox Communications Inc. has been hit by a data breach after a hacker impersonated a support agent to gain access to customer information.
Many customers of Cox Communications (NYSE: COX) started receiving letters this week that warned them of the data breach. The letter stated that on Oct.11 that “unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts.”
The company said that it had taken steps to secure the affected customer accounts and had notified law enforcement of the incident. Further investigation discovered that the hacker may have viewed certain types of customer information. The information included name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and other information of other types of services that a customer receives from Cox.
Affected customers were urged to review their financial account statements for fraudulent activity. Cox is also offering one year of free Experian credit monitoring services “to help relieve concerns and restore confidence following this incident.”
The exact details of how the hacker successfully impersonated a support agent were not disclosed, but it’s likely given that social engineering was involved.
“Now that the hacker(s) are armed with a high volume of personally identifiable information, Cox customers are at risk of additional phishing emails and other forms of fraud at the hands of threat actors,” Sanders added. “Customers should ensure they are using security best practices such as updating their passwords and leveraging two-factor authentication to protect their accounts.”
? Private Secure Insured Protect Your Crypto & Assets
If your Identity & Phone isn’t SAFE Secure do it NOW
Judicial Panel on Multidistrict Litigation (JPML) has transferred more than 40 lawsuits to federal court in Kansas City, Mo., finding that centralization would serve the parties and witnesses and promote the efficient resolution of the litigation. The lawsuit concerns an August hack exposing approximately 54 million T-Mobile customers’ personal information.
The class actions alleged that T-Mobile is liable to consumers who had information like their name, address, T-Mobile account PINs, and Social Security Numbers stolen by malicious hackers. The complaints stated various causes of action including negligence, breach of contract, and violations of state consumer protection laws.
Last week’s order explained that one plaintiff filed a motion to centralize the litigation in the Western District of Washington or, alternatively, in the Western District of Missouri. Plaintiffs in 22 other actions responded to the motion, proposing various districts. T-Mobile supported consolidation and transfer to the Western District of Missouri.
The JPML adjudged that district to be the appropriate transferee district not only because of the parties’ preferences but also because it presents a geographically central and accessible venue and has the capacity to manage the litigation effectively. The order further specified that the cases involve common questions of fact including whether T-Mobile’s data security practices met industry standards, how the hackers accessed the company’s systems, and the extent of personal information disclosed by the breach.
As for efficiency, the panel said that“[c]entralization will eliminate duplicative discovery; prevent inconsistent pretrial rulings, including with respect to class certification; and conserve the resources of the parties, their counsel, and the judiciary.” The case is captioned In Re: T-Mobile Customer Data Security Breach Litigation and will proceed before Judge Brian C. Wimes.