Hackers infiltrated Macy's ecommerce site and stole customer data

Wednesday 20 November 2019 12:06 CET | News

Macy's has communicated a data breach notification, saying hackers infiltrated its ecommerce site and stole customer data, including financial information, ISMG reports.

The company received an alert about "a suspicious connection between and another website" on Oct. 15, which led it to immediately launch an investigation. The data breach notification issued by Macy's says the retailer has shared all of the compromised payment card numbers with Visa, MasterCard, American Express and Discover.

Stolen data potentially includes the following, if they had been entered by a customer while they were on the "My Wallet" or checkout pages: name, full address, phone number, email address, payment card number, card security code and card month/year of expiration. Macy's says only users of its website - but not mobile applications - were at risk.

Bleeping Computer, which first reported on the breach, says that the code planted on Macy's site appears to have involved malicious JavaScript code connected to Magecart. Officials at Macy's declined to quantify the number of breach victims or stolen payment cards, or whether it could confirm if Magecart scripts had been running on its site.

Macy's says it has been directly notifying affected customers via email, advising them to watch their financial statements for signs of fraud, which it notes will be reimbursed by card issuers. It's also offering all victims Experian's IdentityWorks identity fraud monitoring services, prepaid for 12 months.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: fraud, cybercrime, data breaches, ecommerce
Categories: Fraud & Financial Crime
Countries: United States
This article is part of category

Fraud & Financial Crime