The Target: Cox Communications, a U.S based digital cable provider and telecommunicating company.
The Take: Breach of employee accounts, leading to further exposure of Personally Identifiable Information including: name, address, telephone, Cox account number, username, PIN code, account security question and answer.
The Vector: The threat actor impersonated a Cox Support Agent and gained access to a different employee’s credentials, which allowed them to view the sensitive data.
This breach highlights the ongoing and persistent threat of social engineering. Regular awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution are crucial to protecting sensitive information assets.