Housewares giant OXO hit hard by Magecart

OXO's parent company has had to issue data breach notification letters multiple times in the past few months.
oxo breach
OXO has had to chase Magecart off its systems multiple times over the past few months. (Flickr user <a href="">Didriks</a>)

Kitchen and office goods giant OXO has been notifying customers of a data breach — a task it has performed multiple times over the past few months after the credit card skimming malware Magecart was found on its e-commerce website.

In a letter obtained by CyberScoop dated Dec. 26, the company says it discovered “the security of certain personal information” had been compromised via the company’s website during three distinct time frames:

  • June 9, 2017 — Nov. 18, 2017
  • June 8, 2018 — June 9, 2018
  • July 20, 2018 — Oct. 16, 2018

The latest discovery was made on Dec. 18, 2018, according to the notice. Over the past year, security researchers have found instances of Magecart on OXO’s website. The malware, which has been found to be used by several different groups, skims various information from billing forms used on e-commerce sites.


The December notice comes as OXO had previously issued breach notification letters in October. In those cases, the company stated that it discovered “an outside source inserting unauthorized code on OXO’s website that collected information entered into the customer order pages.”

The time frame in the October letters says the website had been compromised between July 1, 2018 and Oct. 1, 2018.

In both the October and December letters, OXO believes that information regarding name, business and shipping address, and credit card information was stolen.

OXO’s parent company, Helen of Troy, did not respond to CyberScoop’s multiple requests for comment.


Magecart has been named as the culprit in multiple data breaches regarding e-commerce sites. Over the past six months, the malware has been found on sites run by British Airways, Ticketmaster UK, Newegg, and BevMo.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts