FCC fines Cox for falling for Lizard Squad scam, exposing customer data

"Hello, this is EvilJordie from IT. Please give me your password."

What's the cost of giving up customers' information because of weak information security practices? For Cox Communications, the answer is a half-million dollar fine and having the Federal Communications Commission watching its every information security move for the next seven years. The FCC's Enforcement Bureau and cable and broadband Internet provider Cox Communications have reached a settlement over an August 2014 data breach involving a member of the Lizard Squad hacking group. The FCC announced the settlement on Thursday.

The hacker, who goes by the nom de guerre "EvilJordie," used one of the oldest social engineering tricks in the book to gain access to Cox's internal data: he convinced a Cox customer service representative and a Cox contractor over the phone that he was a system administrator in Cox's IT department and sent them a "phishing" link to a malicious website that mimicked a corporate intranet site, where they entered their login credentials


Read 5 remaining paragraphs | Comments