Macy's says hackers accessed online customers' credit card data
Hackers obtained names and passwords of online customers and potentially were able to access credit card numbers.
(Bloomberg) – Macy’s Inc. said hackers obtained names and passwords of online customers and potentially were able to access data including their credit card numbers and expiration dates.
Change your password
The data breach impacted one-half of one-percent of customers who were registered on Macys.com or Bloomingdales.com, spokeswoman Blair Rosenberg said Tuesday. Customer login and password data were taken from websites not related to Macy’s or Bloomingdale’s and were then used to access profiles on those sites, the company said.
“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures,” Macy’s said in an emailed statement.
Related: Hack of DNA website exposes data from 92 million user accounts
The disclosure marks the latest in a series of data breaches at major companies across a broad swath of industries, including retailers Hudson’s Bay Co. and Under Armour Inc., aerospace giant Boeing Co., airlines like Delta Air Lines Inc. and natural gas pipelines and electric utilities. Adidas AG said last month that millions of customers on its U.S. website could have been affected by a breach.
SSN’s not accessed
While other personal data, including birthdates, may have been accessed, social security numbers were not, Macy’s said. The data breach occurred between April 26 and June 10, the company said. It detected suspicious activity on June 11, and the company blocked the profiles in question on June 12.
Macy’s contacted customers that may have been impacted by the breach and said it was offering consumer protection services to them at no cost.
Related:
What to consider when developing or refining your cyber incident response plan