The incident involved “sophisticated criminal activity” that may have exposed customer’s personal information, and customers who entered data on the oxo.com domain between June 2017 and October 2018 according to the manufacturer.
Specifically, data entered between June 9, 2017 -- November 28, 2017, June 8, 2018 –- June 9, 2018, and July 20, 2018 -- October 16, 2018 has potentially been exposed.
The business added that names, billing and shipping addresses, as well as credit card information were involved in the data breach. OXO blamed the incident on “unauthorized code” which found its way on to the companys website. Beyond the code being “malicious”, OXO has not revealed any further details concerning how the malware landed on the oxo.com domain or who may be responsible.
The retailer is offering impacted customers a free credit monitoring service for one year through Kroll, but this service must be activated no later than 28 March 2019.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now