Timex Group experienced a data breach that leaked the names and Social Security numbers of more than 3,000 people, the watchmaking company disclosed Monday.
The Timex breach took place between June 1 and June 5, 2023, according to a filing made by the company to the Office of the Maine Attorney General. Timex first discovered “suspicious activity” on its systems on June 5 and determined on Dec. 14 that personal information was stolen in the breach, the company said.
Current and former Timex employees affected by the breach were sent a notification dated Jan. 29, which offers 24 months of free credit monitoring and identity protection services. According to Timex, current employees were sent a preliminary notice around June 16, which also offered complimentary credit monitoring.
A total of 3,085 people had their names and Social Security numbers exposed in the breach, which Timex described as a “sophisticated cyber attack.”
“Upon discovery of the incident, we immediately commenced an investigation and took steps to implement additional safeguards to help prevent a similar incident from occurring in the future. We are also reviewing our policies and procedures relating to data privacy and security,” Timex stated in its notification letter.
Timex worked with third-party forensic experts to investigate the attack and also contacted federal law enforcement regarding the breach. The company said it currently has no evidence of actual fraud using the stolen information.