OXO International Hit With Data Breach: Customers Over 2 Years Affected Drew Wilson | January 15, 2019 OXO International is the latest company to be hit with a data breach. According to a submission, customers over 2 years have been affected. OXO International has stepped forward to admit that they have been the latest victims of a data breach. The breach itself affects customers for over two years. Only more recently was the breach discovered and reported. From ZDNet: The New York-based manufacturer of homeware, office supplies, and kitchen utensils filed a data breach advisory with the California Attorney General’s Office, and a letter drawn up for customers (.PDF) indicates that the data breach occurred between June 2017 and October 2018. OXO says the security incident was confirmed on 17 December 2018 following forensic tests. The incident involved “sophisticated criminal activity that may have exposed some of your personal information,” according to the manufacturer, and customers who entered data on the oxo.com domain during these times may have had their information compromised. Specifically, data entered between June 9, 2017 — November 28, 2017, June 8, 2018 –- June 9, 2018, and July 20, 2018 — October 16, 2018 has potentially been exposed. The report goes on to say that malware was used in the incident. In fact, the breach has been traced back to hacking group Magecart which has had a reputation of going after several businesses in the past. It’s unclear specifically what was stolen, but presumably, anything the customer gave through their website is likely affected. January has been a somewhat busy month in the security incident front. First, it was Chinese Train service 12306 that had 5 million accounts exposed from a data breach. This was followed up by the video game Town of Salem which saw 7.6 million accounts exposed in a data breach. After that, there was the relatively small, but politically huge data breach of German politicians, journalists, and celebrities including Chancellor Angela Merkel. That story saw German cyber security service, the BSI, on the defence. The very next day, a German teenager was questioned by police after his house got raided by police. Shortly after, the alleged hacker, another German citizen, stepped forward and admitted to carrying out the breach. Finally, we saw online retail giant Amazon get hit with a data leak which saw 400,000 sellers information potentially exposed. While there certainly seemed like a lull in security incidents, things appear to be once again picking up again. Drew Wilson on Twitter: @icecube85 and Google+.