UPDATED 21:32 EST / JANUARY 10 2019

SECURITY

Credit card data stolen in hack of kitchenware maker Oxo

Kitchenware maker Oxo International Ltd. has disclosed that it was the victim of hacking that resulted in customer credit card data stolen.

In a breach disclosure letter filed to comply with California law, the company said that it had been compromised between June 2017 and October 2018.

The hack, confirmed Dec. 17, was a data security incident involving “sophisticated criminal activity.” Along with credit card data, names, billing and shipping address details were also stolen. The number of customers affected was not disclosed.

Given the seriousness of credit card data being stolen, Oxo said it secured the services of Kroll Inc. to provide identity monitoring to customers at no cost for a year.

Although how the hack took place wasn’t disclosed, some are suggesting that it has the hallmarks of an attack by the Magecart hack group. The group typically inserts code into the payments page of a target to steal customer data, including credit card details.

Previous victims include Newegg Inc., the Infowars StoreCathay Pacific Airways Ltd., British Airways and Ticketmaster Entertainment Inc.

Robert Capps, vice president and authentication strategist for Mastercard Inc.-owned NuData Security, told SiliconANGLE that once data has been stolen, it’s used in a number of ways, including account takeover and identity fraud.

“More recently, we’ve seen a change in the value of stolen data as more and more intuitions are implementing user authentication solutions that render stolen data valueless,” Capps said. “The loss of credit card data is a worry for all organizations, not just the targeted company.”

The data lost can be lucrative for cybercriminals, who can use the card and CVC numbers to mimic the legitimate customer and make fraudulent purchases or facilitate further cybercrimes.

Capps noted that there are alternatives to traditional security. “By using security layers with behavioral analytics and passive biometrics, businesses can look across multiple aspects of the user’s interaction, instead of relying solely on the username, password and other static data which could have been stolen,” he said. “Such techniques devalue phishing attacks and other techniques to extract data from legitimate consumers, as this is not enough to access a victim’s account or make illegitimate purchases.”

Photo: dinnerseries/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU