The Lizard Squad scam, which yielded access to customer records at Cox Communications, is one of the most recent cybersecurity scams that has resulted in a fine from the FCC. What’s the cost of giving up customers’ information because of weak information security practices? A half-million dollar fine and having the FCC watching every information security move for the next seven years.
Cox, the third largest cable company in the U.S., will pay nearly $600,000 to settle the FCC’s investigation into a data breach. This is the latest smoke signal that the telecom industry, large to small, must get serious on cybersecurity or face the penalties.
The Lizard Squad, made up of teenage hackers, pulled off this data breach using a form of social engineering called pretexting. The hackers pretended to be from Cox’s IT department and convinced a Cox customer service representative and a Cox contractor to provide their log-in credentials. Using those credentials, the hackers accessed customer information including names, home addresses, e-mail addresses, telephone numbers and account-related data.
While the scope of federal agency authority over privacy and data security lacks exact definition, it is rather clear: a failure to take reasonable steps to protect customers’ sensitive personal information could lead to federal agency investigations and enforcement actions, large penalties, and administrative agency oversight.
As cybersecurity becomes a hotter topic day by day, in which companies have in many instances failed to take even the most basic precautions to protect sensitive consumer data, it’s time to evaluate your blueprint for the cybersecurity future.
