Out of time? Top watchmaker Timex hit in data breach — but it says customers shouldn't be worried

As per the filing, the company first noticed “suspicious activity” on its network on June 5, 2023. Subsequent investigation uncovered a data breach that took place between June 1 and June 5 that year.

"Sophisticated attack"

On June 16, Timex Group sent a preliminary notice to its current employees in which, among other things, it offered credit monitoring services to affected individuals. 

Roughly half a year later, on December 14, Timex concluded that hackers made away with sensitive personal data, including names and Social Security Numbers of more than 3,000 people. After that, on January 29, the company sent another notification, this time to both current and former employees, notifying them of the findings and offering, yet again, 24 months of free credit monitoring and identity protection services. 

Timex described the incident as a “sophisticated cyber attack”, SC Magazine reports. 

“Upon discovery of the incident, we immediately commenced an investigation and took steps to implement additional safeguards to help prevent a similar incident from occurring in the future. We are also reviewing our policies and procedures relating to data privacy and security,” Timex stated in its notification letter.

As is standard practice in these cases, the company brought in third-party forensic experts to investigate the incident, and notified relevant authorities. At the time, there is no evidence of the data being abused in the wild, it concluded.

Usually, when hackers steal data, they reach out to the victim firm and ask for money in exchange for keeping it private. Timex did not say if any threat actors reached out, or if they had any demands. 

More from TechRadar Pro

• Ivanti warns Connect Secure zero-days exploited by hackers
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now