Macy’s Customer Data Exposed After October Website Hack -- Security Today

Macy’s Customer Data Exposed After October Website Hack

The department store chain is notifying customers that hackers were able to scrape credit card data from online purchases for about a week.

By Haley Samsel
Nov 21, 2019

Ahead of the holiday shopping season, Macy’s is not feeling the Christmas cheer. That’s because the department store’s website was the target of a cyber attack in October, according to a letter that Macy’s sent to affected customers.

On Oct. 15, Macy’s security teams were alerted to a connection between macys.com and another website. After investigating, the company realized that an unauthorized third party added unauthorized computer code to two pages on macys.com a week earlier on Oct. 7.

The code allowed the third party to capture information submitted by customers either through the checkout page and or the “wallet page,” where customers store their credit card information on their Macy’s accounts.

While the code was promptly removed on Oct. 15, hackers were still able to gather the names, addresses, phone numbers, email addresses and payment card numbers of customers who typed that information into the checkout page or the “My Account” wallet page.

Macy’s has not said how many customers were affected, and the chain has taken the case to federal law enforcement. After the incident was announced on Tuesday, Macy’s shares fell by nearly 11 percent, CBS News reported.

In a letter to affected customers, the company said that it is offering identity protection services for 12 months free of charge and has taken steps to keep future cyber attacks at bay.

“We have taken steps that we believe are designed to prevent this type of unauthorized code from being added to macys.com,” the letter reads.

This is the second security breach that Macy’s has suffered in the past two years. In the spring of 2018, hackers were able to gain access to customers’ usernames and passwords through both macys.com and bloomingdales.com for over a month. Back then, the company said it had also implemented new security measures to protect customer data.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Security Industry Association Announces Inaugural 25 on the RISE Honorees
09/28/2023
New SASE Certification Program
09/27/2023
The Next “Big Thing” in Physical Security
09/22/2023
Nearly 16,000 Registrants from 95 Nations Participate in GSX 2023
09/22/2023
Interface Systems Opens New Distribution Center in Dallas
09/20/2023
IDIS Video Tech Comes Out Top In Public Demonstration Of Cybersecurity Measures
09/20/2023
Smiths Detection Sells its 1000th leading 3D X-ray Scanner
09/19/2023
Stand Your Ground
09/18/2023

Featured

12 Commercial Crime Sites to Do Your Research

Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now
Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now
Boosting Safety and Efficiency

In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now
Live From GSX: Post-Show Review

This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now
- Industry Events
- GSX

Webinars

Hanwha Vision (formerly Hanwha Techwin),Winsted Corporation

AI Provides Insight Concerning Risk
Arcules

The Sky's the Limit: Are You Ready for AI-Enabled Cloud Video Surveillance?
Hanwha Vision (formerly Hanwha Techwin),Salient Systems,Arcules,Omnilert

Secure Your Campus with AI, Cloud

Whitepapers

Evolv Technology

Addressing Gun Violence at Your School Beyond the Express
Seneca

Keeping Students and Staff Safe in All Puerto Rico Public Schools
Hytera US Inc.

The Next Nextel: Push-to-Talk Over Cellular

New Products

AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3
XS4 Original+

The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3