SECURITY
SECURITY
SECURITY
Credit card data stolen in hack of kitchenware maker Oxo
Kitchenware maker Oxo International Ltd. has disclosed that it was the victim of hacking that resulted in customer credit card data stolen.
In a breach disclosure letter filed to comply with California law, the company said that it had been compromised between June 2017 and October 2018.
The hack, confirmed Dec. 17, was a data security incident involving “sophisticated criminal activity.” Along with credit card data, names, billing and shipping address details were also stolen. The number of customers affected was not disclosed.
Given the seriousness of credit card data being stolen, Oxo said it secured the services of Kroll Inc. to provide identity monitoring to customers at no cost for a year.
Although how the hack took place wasn’t disclosed, some are suggesting that it has the hallmarks of an attack by the Magecart hack group. The group typically inserts code into the payments page of a target to steal customer data, including credit card details.
Previous victims include Newegg Inc., the Infowars Store, Cathay Pacific Airways Ltd., British Airways and Ticketmaster Entertainment Inc.
Robert Capps, vice president and authentication strategist for Mastercard Inc.-owned NuData Security, told SiliconANGLE that once data has been stolen, it’s used in a number of ways, including account takeover and identity fraud.
“More recently, we’ve seen a change in the value of stolen data as more and more intuitions are implementing user authentication solutions that render stolen data valueless,” Capps said. “The loss of credit card data is a worry for all organizations, not just the targeted company.”
The data lost can be lucrative for cybercriminals, who can use the card and CVC numbers to mimic the legitimate customer and make fraudulent purchases or facilitate further cybercrimes.
Capps noted that there are alternatives to traditional security. “By using security layers with behavioral analytics and passive biometrics, businesses can look across multiple aspects of the user’s interaction, instead of relying solely on the username, password and other static data which could have been stolen,” he said. “Such techniques devalue phishing attacks and other techniques to extract data from legitimate consumers, as this is not enough to access a victim’s account or make illegitimate purchases.”
Photo: dinnerseries/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
