Breach Brief – Macy’s

Published On November 20, 2019 | By Tom Huskerson | Breach Briefs

Upscale retailer Macy’s has reported a breach of its payment system. Macy’s is the latest high-profile victim of the Magecart cyber attack. The attack exposed and unknown number of customer’s personal data including credit card information, addresses, phone numbers and email addresses that was leaked after being entered on a compromised web page.

Macy’s became aware of the breach on October 15th, a week after two specific pages on its site, the checkout page and the wallet page accessed through the users’ accounts, were hacked. Hackers had inserted malicious code into the pages.

Magecart is a credit card fraud technique that skims card numbers in a supply chain attack. Hackers insert malicious JavaScript into third-party software used by retailers in their online checkout systems. Magecart has been previously used to attack British Airways and Ticketmaster and is known to be used by a numerous different threat groups.

Macy’s does not believe that the attack and associated customer information could be used by criminals to open new, fraudulent accounts. However the retailer has offered customers affected by the breach a 12-month subscription to Experian’s IdentityWorks fraud protection service. According to Macy’s all customers impacted by the data breach have been notified but cautioned consumers to monitor their credit card statements for fraud-related activity.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.