For the second year in a row, department store chain Macy’s Inc. has suffered a data breach that may have affected customer’s payment details. The website was hacked by implementing malicious scripts, with the intent of stealing customer’s payment information.
A similar breach happened to Macy’s in July of 2018, amidst a broader trend of many retail companies seeing their online payment systems targeted by malicious actors.
A year later, not much has changed. Macy’s issued a Notice of Data Breach, which reported that their site was hacked on October 7th, 2019. Macy explains that a malicious, unauthorized code was added to their checkout page and wallet page.
Potentially affected information that the hackers may have accessed include customer’s first and last name, address, city, state, zip, phone number, email, and credit/debit card information.
Macy’s suggests that people who have used their site recently should remain vigilant and consistently check their accounts for any financial discrepancies. Macy’s has reported the breach to all the large credit card companies, such as Visa, MasterCard, American Express, etc. Additionally, they have hired a leading class forensic firm to help investigate the breach.
Though Macy’s believes the breach has only affected a “small number of customers”, they are offering Experian IdentityWorks protection to affected customers for free through the next twelve months.