OXO International discloses data breach, customer data over two years impacted

OXO International has disclosed a data breach which the company says may have exposed customer information over the course of two years. The New York-based manufacturer of homeware, office supplies, and kitchen utensils filed a data breach advisory with the California Attorney General’s Office, and a letter drawn up for customers (.PDF) indicates that the data breach occurred between June 2017 and October 2018.

More security news

OXO says the security incident was confirmed on 17 December 2018 following forensic tests. The incident involved “sophisticated criminal activity that may have exposed some of your personal information,” according to the manufacturer, and customers who entered data on the oxo.com domain during these times may have had their information compromised.

Specifically, data entered between June 9, 2017 — November 28, 2017, June 8, 2018 — June 9, 2018, and July 20, 2018 — October 16, 2018 has potentially been exposed. While OXO says that “the attempt to compromise your payment information may have been ineffective,” the business added that names, billing and shipping addresses, as well as credit card information was involved in the data breach. OXO blamed the incident on “unauthorized code” which found its way on to the firm’s website.

Beyond the code being “malicious,” OXO has not revealed any further details concerning how the malware landed on the oxo.com domain or who may be responsible.

See also: Feedify becomes latest victim of the Magecart malware campaign “OXO values your business and deeply regrets that this incident occurred,” the company says. “Upon discovering the unauthorized code, OXO immediately took actions to secure its site by working with recognized security consultants to conduct a thorough investigation of the incident and to determine additional measures designed to help prevent incidents of this kind in the future.” The third-party help was able to scrub the servers clean of the malware and is now working with OXO to find and resolve any other vulnerabilities which could be exploited for a repeat performance.

This kind of card-skimming attack which takes place as customers submit an order online has become the signature of the Magecart threat group. Based on Archive.org screenshots and VirusTotal scripts unearthed by Bleeping Computer, at least one of the attacks launched against OXO appears to be the work of the threat group. TechRepublic: WordPress users beware: These 10 plugins are most vulnerable to attacks

Magecart has attacked countless e-retailers in the past. Ticketmaster, British Airways, Feedify, Kitronik, Infowars, and Newegg are some of the most high-profile victims of the threat groups under this umbrella, of which researchers estimate there are at least seven separate hacking groups. The attacks tend to follow a common pattern — gain access to the backend of a retail store, modify the source code to run JavaScript code which collects form data input by customers, and then whisk this information away to a remote server under the attacker’s control.

CNET: Twitter messages to Russian cybersecurity firm helped NSA leak probe This information could then potentially be sold off in bulk data dumps or used for the purposes of credit card fraud and identity theft. It is not known how many customers have been affected by the OXO breach.

However, OXO is offering impacted customers a free credit monitoring service for one year through Kroll, but this service must be activated no later than 28 March 2019.

Previous and related coverage

Oxo Reduced Salt Cube Beef 12 PackThese beef stock cubes from Oxo have all the taste and flavour you've come to expect from Oxo, but without the all the salt. - More Info

Oxo Chicken Stock Cubes x 60Oxo chicken stock cubes offer an authentic tasting chicken stock, quickly and conveniently. - More Info

Oxo Ham Stock Cubes 12 PackEnhance the flavour of all your home cooked ham dishes by simply adding an Oxo Ham Stock Cube. - More Info

Oxo Vegetable Stock Cubes x 12Oxo have been making stock for over 100 years, and has been a cupboard necessity during the last century. - More Info

Oxo Stock Pots 4 Pack ChickenThis 4 pack of Chicken Oxo Stock Pots are a great burst of flavour for a wide variety of meals. - More Info

You may also like...

Apps & Games Clothing Electronics & Photo Large Appliances
Baby Womens Apparel Garden Lighting
Beauty Mens Apparel Outdoors Luggage
Books Girls Apparel Health & Personal Care Pet Supplies
Car Boys Apparel Home Shoes & Bags
Motorbike Computers & Accessories Kitchen Equipment Sports & Outdoors
Fashion DIY & Tools Jewellery Toys & Games