Out of time? Top watchmaker Timex hit in data breach — but it says customers shouldn't be worried

(Image credit: Shutterstock)

A branch of the famous Timex watchmaker company suffered a data breach which resulted in the leak of sensitive employee information.

Timex Group USA, an American watchmaker owned by a holding company of the same name (Timex Group) has filed a data breach notification with the Office of the Maine Attorney General, detailing the breach, SC Magazine reported. 

As per the filing, the company first noticed “suspicious activity” on its network on June 5, 2023. Subsequent investigation uncovered a data breach that took place between June 1 and June 5 that year.

"Sophisticated attack"

On June 16, Timex Group sent a preliminary notice to its current employees in which, among other things, it offered credit monitoring services to affected individuals. 

Roughly half a year later, on December 14, Timex concluded that hackers made away with sensitive personal data, including names and Social Security Numbers of more than 3,000 people. After that, on January 29, the company sent another notification, this time to both current and former employees, notifying them of the findings and offering, yet again, 24 months of free credit monitoring and identity protection services

Timex described the incident as a “sophisticated cyber attack”, SC Magazine reports. 

“Upon discovery of the incident, we immediately commenced an investigation and took steps to implement additional safeguards to help prevent a similar incident from occurring in the future. We are also reviewing our policies and procedures relating to data privacy and security,” Timex stated in its notification letter.

As is standard practice in these cases, the company brought in third-party forensic experts to investigate the incident, and notified relevant authorities. At the time, there is no evidence of the data being abused in the wild, it concluded.

Usually, when hackers steal data, they reach out to the victim firm and ask for money in exchange for keeping it private. Timex did not say if any threat actors reached out, or if they had any demands. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.