ID Thieves Zero In On Cox Communications Employees

Names, email addresses, phone numbers, and other information ostensibly relating to some 40,000 Cox Communications employees is currently for sale in the so-called Dark Web, a marketplace for stolen data and malware.

“Selling 40k personal details of cox employs [sic],” reads a listing on The Real Deal Market, an underground portal.

Motherboard says it “obtained” a relatively small sample of the data for verification purposes, containing information on 100 apparent employees, and shared a copy of it with the targeted ISP.

The hacker advertising the data, who claims to be behind the breach, would not tell Motherboard how he or she gained access to Cox's systems, but indicated that more data may have been stolen.

“Cox Communications is aware of this matter and the business-related information to which it relates,” Cox Communications spokesperson Todd Smith said in an email. “We’re taking this very seriously and have engaged a third-party forensic team to conduct a comprehensive investigation and are actively working with law enforcement.”

The names seem to correspond to real staff members, judging by employee profiles on LinkedIn and other websites. Some of the entries were duplicates.

The sample also included physical addresses, although these did not seem to be home addresses; several were for Cox's offices. In addition, the dump contained names of the employees' managers, the date of their last login, and the last time their password was reset. Some of the logins stretch back to 2007, but some are as recent as December 2015.