Cyber Incident Victim: Cable One

Cable One, Inc. disclosed an information security incident on August 16, 2019, stemming from unauthorized access to employee email accounts discovered in May 2019. The breach occurred through a third-party vendor, compromising approximately 14 employee email accounts containing personal data of current and former employees. In some cases, dependents, beneficiaries, and family members of employees were also impacted due to information stored within these accounts. Exposed data categories included names, addresses, Social Security numbers, government-issued identification, financial account numbers, digital signatures, and medical or health insurance information. The company confirmed no unauthorized access to its internal computer systems or networks occurred, and customer data remained unaffected. Upon detection, Cable One immediately blocked further access, initiated an investigation with an independent cybersecurity forensic firm, and notified federal law enforcement.

The investigation found no evidence of fraud or misuse of the compromised data but acknowledged the potential risk to affected individuals. Cable One notified potentially impacted parties through multiple channels and offered free identity protection services, including credit monitoring and resources for detecting suspicious activity. Company President and CEO Julie Laulis publicly apologized, emphasizing continued investments in cybersecurity and enhancements to email system security controls. While asserting no confirmed fraudulent activity, Cable One advised vigilance in reviewing financial statements, credit reports, and health insurance explanations of benefits. The incident exclusively involved employee email accounts managed through a third-party vendor, with remediation efforts focused on strengthening email access protocols rather than broader system vulnerabilities. A dedicated call center operated from 6 a.m. to 6 p.m. Pacific time weekdays to address inquiries from affected individuals.