Macy’s Website Hacked, Customers Info and Credit Cards Stolen

Macy's Website Hacked

Macy’s Website Hacked, Customers Info and Credit Cards Stolen

Macy’s has announced a data breach caused by card-skimming code that was implanted in the firm’s online payment portal. The company sent a letter to customers saying that is was alerted to the security incident on October 15, and the Macy’s team quickly found that card-skimming script had been injected into two pages on the Macy’s website.

The code, believed to have been injected on October 7, impacted the Macy’s checkout page and wallet page, the latter of which is accessed through the “My Account” facility. In a filing with the California attorney general, the retail giant said hackers siphoned off customers’ names, addresses, and phone numbers, but also credit card numbers, card verification codes, and expiration dates by inserting malicious code on its website and quietly sending the stolen data back to the hackers.

Macy’s said the breach lasted a week, between October 7 and October 15. The retail giant did not say how many customers were affected, but the breach is likely to affect thousands of customers.

Last year, Macy’s admitted a months-long breach that saw hackers steal credit card data and passwords about 0.5% of its customer base — on both its website and Bloomingdale’s site, which Macy’s owns. The breach resulted in a class action suit.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Blog via Email

Enter your email address to subscribe to receive notifications of every new post by email.

Join 5,851 other subscribers

Support the site: Shop through our 

Stay Connected
Join our Facebook Group
Popular Posts
Homepage | About Us | Privacy Policy | Disclosure Policy

Subscribe to our Newsletter

Subscribe to receive one daily email (sent at 8PM ET, Monday through Friday) with all the news and deals.