Time Warner Cable (TWC) has admitted that up to 320,000 customers’ email addresses and passwords may have been compromised by cyber criminals.
The company started to contact the customers by email after learning of the breach from FBI investigators, claiming that the source of the leak was either a third-party firm or the result of phishing attacks on staff.
Speaking to CSO Online, Time Warner spokesperson Eric Mangan said: “We have not yet determined how the information was obtained, but there are no indications that TWC’s systems were breached.
“Approximately 320,000 customers across our markets could be affected by this situation. To protect the security of these customers, we are sending emails and direct mail correspondence to encourage them to update their email passwords as a precaution.
“The emails and passwords were likely previously stolen through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.”
Mark Stollery, managing consultant in enterprise and cyber security at Fujitsu, warned that the incident underlines the importance of an effective strategy to react to such a breach.
“Hacks are a fact of life nowadays, and not just for careless or negligent organisations. Attackers always have the initiative, and even the best-run company could suffer from a hack or data theft,” he said.
“Because of this, it’s vital that organisations take a proactive approach focusing on the integration of threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber threats.
“The immediate aftermath of a breach is not the time to work out who should say what to whom, and getting it wrong can seriously damage your corporate reputation and share price.”
There is still no indication of who is responsible for the attack and what will happen to the leaked information.
Stolen data is often quickly published on the dark web or put up for sale by cyber criminals and hackers. Research has found that personal data such as banking information can be sold for as little as £12 per record online.