macy

Macy’s Customer Data Exposed After October Website Hack

The department store chain is notifying customers that hackers were able to scrape credit card data from online purchases for about a week.

  • By Haley Samsel
  • Nov 21, 2019

Ahead of the holiday shopping season, Macy’s is not feeling the Christmas cheer. That’s because the department store’s website was the target of a cyber attack in October, according to a letter that Macy’s sent to affected customers.

On Oct. 15, Macy’s security teams were alerted to a connection between macys.com and another website. After investigating, the company realized that an unauthorized third party added unauthorized computer code to two pages on macys.com a week earlier on Oct. 7.

The code allowed the third party to capture information submitted by customers either through the checkout page and or the “wallet page,” where customers store their credit card information on their Macy’s accounts.

While the code was promptly removed on Oct. 15, hackers were still able to gather the names, addresses, phone numbers, email addresses and payment card numbers of customers who typed that information into the checkout page or the “My Account” wallet page.

Macy’s has not said how many customers were affected, and the chain has taken the case to federal law enforcement. After the incident was announced on Tuesday, Macy’s shares fell by nearly 11 percent, CBS News reported.

In a letter to affected customers, the company said that it is offering identity protection services for 12 months free of charge and has taken steps to keep future cyber attacks at bay.

“We have taken steps that we believe are designed to prevent this type of unauthorized code from being added to macys.com,” the letter reads.

This is the second security breach that Macy’s has suffered in the past two years. In the spring of 2018, hackers were able to gain access to customers’ usernames and passwords through both macys.com and bloomingdales.com for over a month. Back then, the company said it had also implemented new security measures to protect customer data.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

  • AI Used as Part of Sophisticated Espionage Campaign

    A cybersecurity inflection point has been reached in which AI models has become genuinely useful in cybersecurity operation. But to no surprise, they can used for both good works and ill will. Systemic evaluations show cyber capabilities double in six months, and they have been tracking real-world cyberattacks showing how malicious actors were using AI capabilities. These capabilities were predicted and are expected to evolve, but what stood out for researchers was how quickly they have done so, at scale. Read Now

  • Why the Future of Video Security Is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reasons. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. Read Now

  • UL Solutions Launches Artificial Intelligence Safety Certification Services

    UL Solutions Inc., a global leader in safety science, today announced the launch of artificial intelligence (AI) safety certification services, enabling comprehensive assessments for evaluating the safety of AI-powered products. Read Now

  • ESA Announces Initiative to Introduce the SECURE Act in State Legislatures

    The Electronic Security Association (ESA), the national voice for the electronic security and life safety industry, has announced plans to introduce the SECURE Act in state legislatures across the country beginning in 2025. The proposal, known as Safeguarding Election Candidates Using Reasonable Expenditures, provides a clear framework that allows candidates and elected officials to use campaign funds for professional security services. Read Now

    • Guard Services
Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.