VOXX International

VOXX International, also known as OXO International, experienced a significant ransomware attack on June 4, 2020. This incident involved unauthorized access to the company's file servers over an extended period, leading to the encryption of certain devices. The breach compromised sensitive personal information belonging to current and former employees, contractors, and their dependents or beneficiaries who were enrolled in the company's U.S. health or benefit plans. Exposed data elements included names, addresses, Social Security numbers, financial account details, and health insurance information. Following the discovery of the attack, the company engaged external cybersecurity experts to contain the incident, restore operational systems, and investigate the scope of the compromise. VOXX International initiated a notification process to all affected individuals, providing them with details of the breach and offering complimentary credit monitoring services to mitigate potential risks from the exposure of their personal data. As a direct result of this event, the organization implemented additional security enhancements, most notably the deployment of advanced endpoint threat detection tools to improve its defensive posture against future cyber threats.

An earlier security incident occurred on June 9, 2017, when OXO International, operating its e-commerce platform, was targeted by a multi-stage MageCart attack. Attackers successfully injected malicious scripts into the website's checkout process, which silently harvested customer payment card details, billing addresses, email addresses, and phone numbers as transactions were conducted. This harvested data was then exfiltrated to a remote server controlled by the attackers. The company responded by engaging third-party forensic investigators to identify and remove the malicious code, address the underlying vulnerabilities that permitted the injection, and implement corrective security measures. OXO International cooperated with authorities and notified affected customers about the breach, again providing complimentary credit monitoring services to those whose payment and personal data had been stolen. The forensic investigation also uncovered an anomalous Russian web analytics script present on the compromised checkout page, which raised further concerns regarding the potential collection and misuse of visitor data beyond the immediate payment theft. Both incidents underscore the persistent threat of sophisticated cyber attacks targeting both employee and customer data within the organization's digital environment.