Breach Brief – Macy’s, Adidas
Macy’s department stores has reported a breach of customer data. The breach affects Macy’s online customers and exposed names, addresses, phone numbers, email addresses, birthdays, and credit and debit card numbers with expiration dates. Macy’s pointed out that it does not store card verification values (CVV) or Social Security numbers in its online customer profiles. Macy’s has reported the data breach and the exposed card numbers to payment processors Visa, MasterCard, American Express and Discover. Macy’s has not said how many customers are impacted.
According to Macy’s, the breach took place between April 26 and June 12. The company reported that an “unauthorized third party” had obtained usernames and passwords and was able to log into the online profiles of shoppers at Macy’s and its subsidiary Bloomingdale’s. It is not known how the hackers got the information. Macy’s reported the breach in a letter to the New Hampshire Attorney General’s Office on July 2nd.
Macy’s has frozen any customer profiles with suspicious activity until the customers change their passwords.
“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures,” the company said in a statement. “Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.”
Adidas, maker of sportswear and equipment, issued a warning to online shoppers in the U.S. that their personal information may have been compromised as a result of a suspected data breach. Adidas first became aware of the incident on June 26, and analysts are saying that potentially millions of customers could be affected.
A preliminary investigation revealed that the hacker may have stolen customers’ contact information, usernames and encrypted passwords. Adidas does not believe any credit card or health and fitness information was compromised.
A statement on Adidas’ website read: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted.” The company is in the process of notifying affected customers.