August 16, 2019
Cable One Identifies Security Incident Involving Employee Email Accounts
Cable One, Inc. ("Cable One") today announced an information security incident that could affect the personal information of some of the company’s current and former employees as well as, in some cases, their dependents, beneficiaries and others.
In May 2019, Cable One learned that an unauthorized individual, through a third-party vendor, obtained access to approximately 14 Cable One employee email accounts. These employee email accounts contained certain personal information about some current and former employees as well as, in some cases, their dependents, beneficiaries and others. Upon learning of the unauthorized access, the company immediately took action to block further access, promptly initiated an investigation and engaged an independent cybersecurity forensic firm and notified federal law enforcement. The investigation found no evidence that this incident involved unauthorized access to or use of any of Cable One’s internal computer systems or networks. Additionally, Cable One has no evidence that any customer information was involved.
Although Cable One is not aware of any fraud or misuse of information as a result of this incident, the company has sent letters to inform potentially affected individuals about the incident and is offering identity protection services.
"We deeply apologize for any worry and frustration this situation may cause our employees as well as their family members and loved ones. Safeguarding the personal information of our employees and our customers has been, and will continue to be, a top priority for Cable One," said Cable One President and CEO Julie Laulis. "We will continue to invest in cybersecurity to protect the private information of both our employees and customers, and learnings from this incident will be incorporated into future security measures to further enhance our cyber defenses."
What Information Was Involved
The information stored in the accessed email accounts varies by individual, but may include categories of information such as names, addresses, Social Security numbers, government-issued identification numbers, financial account numbers, digital signatures, medical, or health insurance.
What Cable One Is Doing
Based on investigation analysis to date, it is believed unlikely that the information stored in the employee email accounts was used for fraud, however the company will continue to investigate. To help prevent this type of incident from reoccurring in the future, Cable One is continuing to review and enhance security measures and access controls for the company’s email system.
Cable One is notifying potentially affected individuals through a variety of channels. Additionally, the company is providing free identity protection services as well as information, services and resources to help potentially affected individuals protect their identities. This includes an "Information About Identity Theft Protection" reference guide available on the Cable One website at www.cableone.net.
What You Can Do
Although Cable One is not aware of any misuse of information as a result of this incident, potentially affected individuals may wish to take action as a precaution. In order to help protect themselves, individuals can review credit reports for accounts that they did not open or for inquiries from creditors that they did not initiate. If individuals see anything that they do not understand, they should call the credit agency for information. Further, individuals are encouraged to review their credit and debit card account statements as soon as possible in order to determine if there are any discrepancies or unusual activity listed. The company urges individuals to remain vigilant and continue to monitor statements for unusual activity going forward. If they see anything that they do not understand or that looks suspicious, or if they suspect that any fraudulent transactions have taken place, individuals should immediately notify the issuer of the credit or debit card. In instances of payment card fraud, it is important to note that cardholders are typically not responsible for any fraudulent activity that is reported in a timely fashion. Additionally, individuals can review explanation of benefits statements that they receive from their health insurer or health plan or review for persons whose medical bills they assist with or pay (such as a dependent). If they identify services listed on the explanation of benefits that were not received, they should contact their insurer or health plan.
For More Information
For more information about this incident or if there are questions or concerns, individuals may contact a representative at 855-821-6808 between 6 a.m. and 6 p.m. Pacific time, Monday through Friday.