Breach Brief – Macy’s
Upscale retailer Macy’s has reported a breach of its payment system. Macy’s is the latest high-profile victim of the Magecart cyber attack. The attack exposed and unknown number of customer’s personal data including credit card information, addresses, phone numbers and email addresses that was leaked after being entered on a compromised web page.
Macy’s became aware of the breach on October 15th, a week after two specific pages on its site, the checkout page and the wallet page accessed through the users’ accounts, were hacked. Hackers had inserted malicious code into the pages.
Macy’s does not believe that the attack and associated customer information could be used by criminals to open new, fraudulent accounts. However the retailer has offered customers affected by the breach a 12-month subscription to Experian’s IdentityWorks fraud protection service. According to Macy’s all customers impacted by the data breach have been notified but cautioned consumers to monitor their credit card statements for fraud-related activity.