Macy’s data breach sees customer payment details stolen
Macy’s revealed that its website suffered a security breach for a week in October, exposing customers’ personal information, including their payment information.
As reported by Bleeping Computer, the data breach occurred on macys.com and is known as the Magecart attack. The hackers managed to insert malicious code into the Checkout and My Wallet pages of the department store’s website, which then collected the personal information of customers who used the site.
The malicious code was present on the website from October 7 to 15, meaning that if you shopped there between those dates, your personal information was likely stolen. Information collected by an unauthorized third party includes first name, last name, address, city, state, zip code, telephone number, email address, payment card number, security code and month / year of expiration. In other words, they got it all.
Macy’s believes that only a “small number of our customers” were affected by the data breach. Despite this, a forensic company was hired to investigate what had happened, law enforcement was notified, and all major payment card companies were made aware of the breach. Customers have received an email if Macy’s believes their data has been stolen, with advice on what to do if they see anything suspicious about their identity or payment records. Experian IdentityWorks protection is also available to affected customers free of charge for 12 months.
Online shopping continues to be a risk, simply because you rely on stores with rock-solid security to protect your information. As Macy’s proves, this just isn’t the case and so it’s up to consumers to protect themselves, we just need more ways to easily get “point-of-payment” protection.
Apple recently launched its own numberless payment card to enter or reuse. This may be how all credit cards will work in the future.