Cox Settles FCC Hacking Probe for $595,000

Daily Report for Executives provides in-depth coverage of unfolding legislative, regulatory, and judicial news from the nation’s capital, the states, and around the world. This daily news service...

By Lydia Beyoud

Nov. 5 — Cox Communications Inc. settled an FCC investigation into a 2014 data breach for $595,000, marking the agency's first privacy and data security enforcement action with a cable operator, the agency announced Nov. 5.

The investigation concerned Cox's failure to adequately protect customers' personal information from a hacker, the Federal Communications Commission said in a news release.

FCC Enforcement Bureau investigators found the nation's third-largest cable operator didn't have readily available security measures in place for all of its employees or contractors that could have prevented their credentials from being compromised through the hacker's “phishing” scheme, the FCC said.

The subscriber information, including customer proprietary network information (CPNI), was subsequently posted online and some victims had their passwords changed, the FCC said.

Additionally, the company failed to report to breach to the FCC as required by law, the agency said.

“Cable companies have a wealth of sensitive information about us, from our credit card numbers to our pay-per-view selections,” Enforcement Bureau Chief Travis LeBlanc said in a news release. “This investigation shows the real harm that can be done by a digital identity thief with enough information to change your passwords, lock you out of your own accounts, post your personal data on the web, and harass you through social media.”

The settlement requires Cox to identify all affected customers, notify them of the break and provide a year of free credit monitoring. The company also will have to adopt a comprehensive compliance plan and the bureau will monitor Cox's compliance with the consent decree for seven years.

In 2015, the Enforcement Bureau has taken three enforcement actions for violations of this type under the Communications Act of 1934 and commission rules related to the protection of customer personal information, resulting in more than $28 million in penalties, according to the FCC.

To contact the reporter on this story: Lydia Beyoud in Washington at

To contact the editor responsible for this story: Keith Perine in Washington at

For More Information

Text of the consent decree is at