OXO International data breach linked to MageCart attack

  • The information compromised in the hack includes customers' names, billing and shipping addresses, and credit card information.
  • It was found that an unauthorized and malicious piece of code was inserted on OXO’s website.

Houseware manufacturing firm OXO International has disclosed a data breach that may have exposed the payment information of its customers. The breach is believed to have spanned a period of two years.

What happened?

In a data breach notification, the company revealed the exact time periods of the hack: from June 9, 2017 to November 28, 2017, from June 8, 2018 to June 9, 2018, and from July 20, 2018 to October 16, 2018. The information compromised in the hack includes customers' names, billing and shipping addresses, and credit card information.

On December 17, 2018, OXO, with the help of forensic investigators, found that the security of certain personal information available on its e-commerce site may have been compromised. An unauthorized and malicious piece of code, capable of collecting customers’ information from the order page, had been inserted on OXO’s website.

Who is responsible?

Research by BleepingComputer indicates that the Magecart threat actor group is likely to be behind this hack. Over the past six months, the group has been actively hacking several e-commerce sites.

BleepingComputer claims that the malicious JavaScript loaded on the checkout page of the OXO website matches the script designed by MageCart. The malware is used to steal the payment information and contact information of oxo.com customers.

Addressing the problem

Upon discovering the unauthorized code, the firm immediately took action to secure its site. It implemented additional security layers to protect the website and its customers’ data from such attacks in the future.

“When OXO obtained additional evidence, it retained forensic investigators to identify past website vulnerabilities. OXO has investigated the nature of the malicious code, removed the unauthorized code, conducted systems scans and reissued access credentials. OXO has also retained outside consultants to conduct penetration testing on its website,” said OXO in its notice.

It has notified all its customers about the breach and has urged them to review their account statements for any suspicious activity.
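
Unauthorized script on an order page, as described above, can be surfaced by auditing every `<script>` tag the page serves against a policy. The following is an added example, not code from OXO, BleepingComputer or the original article; the origins, the policy rules (allowlisted origins, Subresource Integrity on third-party scripts, no inline script) and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: audit <script> tags on a checkout page against a policy.
// POLICY values and SAMPLE_CHECKOUT are constructed for illustration.
const POLICY = {
  pageOrigin: 'https://shop.example',
  // Origins allowed to serve script to the checkout page (assumed values).
  allowedOrigins: ['https://shop.example', 'https://payments.example'],
};

const SAMPLE_CHECKOUT = `
<script src="/static/js/cart.js"></script>
<script src="https://payments.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://payments.example/widget.js"></script>
<script src="//cdn.unexpected.example/lib.js"></script>
<script>var loaded = true;</script>`;

// Regex extraction is adequate for auditing pages you render yourself;
// use a real HTML parser for untrusted or malformed markup.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const attrRe = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const tag of html.matchAll(tagRe)) {
    const attrs = {};
    for (const a of tag[1].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? '';
    }
    scripts.push({ attrs, body: tag[2].trim() });
  }
  return scripts;
}

function auditCheckout(html, policy) {
  const findings = [];
  for (const { attrs, body } of extractScripts(html)) {
    if (!('src' in attrs)) {
      // Inline code cannot be pinned by origin or SRI, so report it.
      if (body) findings.push({ rule: 'inline-script', detail: body.slice(0, 60) });
      continue;
    }
    const url = new URL(attrs.src, policy.pageOrigin);
    if (!policy.allowedOrigins.includes(url.origin)) {
      findings.push({ rule: 'unknown-origin', detail: url.href });
    } else if (url.origin !== policy.pageOrigin && !attrs.integrity) {
      findings.push({ rule: 'missing-sri', detail: url.href });
    }
  }
  return findings;
}

console.log(auditCheckout(SAMPLE_CHECKOUT, POLICY));
```

Run against the rendered checkout page on a schedule, a new finding is a prompt to check whether the script was deployed deliberately.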
