Cable One Inc. on 16 August 2019, said that a data breach earlier this year could have affected the personal information of some current and former employees, but also could have reached some of those employees’ family members.
Although Cable One (NYSE: CABO) said it is not aware of any misuse of information as a result of this incident, it sent letters to inform potentially affected individuals about the incident and is offering them identity protection services. “We deeply apologize for any worry and frustration this situation may cause our employees as well as their family members and loved ones. Safeguarding the personal information of our employees and our customers has been, and will continue to be, a top priority for Cable One,” said Cable One President and CEO Julie Laulis in the statement. Their notice clearly mentions what one must do to secure their possible breached data, how to keep tabs to secure fraud etc. Notice published by them can be found here
Why It Happened ?
From the known resources, in 2019 May, an unauthorized access through a third-party vendor gained access to nearly 14 email accounts. Through this, certain personal information was accessible. An independent cyber security firm was engaged to further analyse the attack. The information involved may include categories of information such as names, addresses, Social Security numbers, government-issued identification numbers, financial account numbers, digital signatures, medical, or health insurance (possible PII).
What Can You Learn ?
The above attack used various loopholes at various stages and we can list a few mitigation steps from it.
- Continuous monitoring of third party access logs and prompt check for unauthorized access
- Data Loss Prevention by restricting forms of data available in old/unused accounts
- PII regulations within the company for careful distribution of PII. Collection of PII only restricted to only when absolutely necessary