macy

Macy’s Customer Data Exposed After October Website Hack

The department store chain is notifying customers that hackers were able to scrape credit card data from online purchases for about a week.

  • By Haley Samsel
  • Nov 21, 2019

Ahead of the holiday shopping season, Macy’s is not feeling the Christmas cheer. That’s because the department store’s website was the target of a cyber attack in October, according to a letter that Macy’s sent to affected customers.

On Oct. 15, Macy’s security teams were alerted to a connection between macys.com and another website. After investigating, the company realized that an unauthorized third party added unauthorized computer code to two pages on macys.com a week earlier on Oct. 7.

The code allowed the third party to capture information submitted by customers either through the checkout page and or the “wallet page,” where customers store their credit card information on their Macy’s accounts.

While the code was promptly removed on Oct. 15, hackers were still able to gather the names, addresses, phone numbers, email addresses and payment card numbers of customers who typed that information into the checkout page or the “My Account” wallet page.

Macy’s has not said how many customers were affected, and the chain has taken the case to federal law enforcement. After the incident was announced on Tuesday, Macy’s shares fell by nearly 11 percent, CBS News reported.

In a letter to affected customers, the company said that it is offering identity protection services for 12 months free of charge and has taken steps to keep future cyber attacks at bay.

“We have taken steps that we believe are designed to prevent this type of unauthorized code from being added to macys.com,” the letter reads.

This is the second security breach that Macy’s has suffered in the past two years. In the spring of 2018, hackers were able to gain access to customers’ usernames and passwords through both macys.com and bloomingdales.com for over a month. Back then, the company said it had also implemented new security measures to protect customer data.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Security Industry Association Announces the 2026 Security Megatrends

    The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities