Out of time? Top watchmaker Timex hit in data breach — but it says customers shouldn’t be worried

Hackers stole Timex employee Social Security Numbers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A branch of the famous Timex watchmaker company suffered a data breach which resulted in the leak of sensitive employee information.

Timex Group USA, an American watchmaker owned by a holding company of the same name (Timex Group) has filed a data breach notification with the Office of the Maine Attorney General, detailing the breach,SC Magazinereported.

As per the filing, the company first noticed “suspicious activity” on its network on June 5, 2023. Subsequent investigation uncovered a data breach that took place between June 1 and June 5 that year.

“Sophisticated attack”

“Sophisticated attack”

On June 16, Timex Group sent a preliminary notice to its current employees in which, among other things, it offered credit monitoring services to affected individuals.

Roughly half a year later, on December 14, Timex concluded that hackers made away with sensitive personal data, including names and Social Security Numbers of more than 3,000 people. After that, on January 29, the company sent another notification, this time to both current and former employees, notifying them of the findings and offering, yet again, 24 months of free credit monitoring andidentity protection services.

Timex described the incident as a “sophisticated cyber attack”, SC Magazine reports.

“Upon discovery of the incident, we immediately commenced an investigation and took steps to implement additional safeguards to help prevent a similar incident from occurring in the future. We are also reviewing our policies and procedures relating to data privacy and security,” Timex stated in its notification letter.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

As is standard practice in these cases, the company brought in third-party forensic experts to investigate the incident, and notified relevant authorities. At the time, there is no evidence of the data being abused in the wild, it concluded.

Usually, when hackers steal data, they reach out to the victim firm and ask for money in exchange for keeping it private. Timex did not say if any threat actors reached out, or if they had any demands.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)