How to Check If You Have Been AffectedNovember 21, 2019
Macy’s has written to customers that have been affected by a data breach, just ahead of its Q3 earnings and the Black Friday shopping season.
In a letter dated November 14, the company said: “On behalf of Macy’s, we are writing to inform you about a recent incident involving unauthorized access to personal information about you on macys.com.”
The letter goes on to say that on October 15, 2019, the company was made aware of a suspicious connection between the domain macys.com and another website.
“Based on our investigation, we believe that on October 7, 2019 an unauthorized third party added unauthorized computer code to two pages on macys.com. The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two macys.com pages,” the company said. These were the checkout page and the wallet page.
What Information Was Stolen From Macy’s?
While the code was removed on October 15, 2019, according to the company, the following information potentially could have been accessed:
- First Name
- Last Name
- Phone Number
- Email Address
- Payment Card Number
- Payment Card Security Code
- Payment Card Month/Year of Expiration
Macy’s has confirmed that “customers checking out or interacting with the My Account wallet page on a mobile device or on the macys.com mobile application” were not affected.
What is Magecart?
According to ZDNet, this was a “Magecart” attack. RiskIQ explains that Magecart is a cybercrime syndicate that specialize in digital credit card theft.
Other companies that have fallen foul to this type of breach are Ticketmaster and British Airways, according to the security company.
How Can You Find Out Whether You Were Affected By the Macy’s Data Breach?
According to Macy’s, there are number of ways customers can ascertain whether they’ve been affected:
- Customers should remain vigilant for incidents of financial fraud and identity theft by regularly reviewing account statements and immediately report any suspicious activity to their card issuer.
- Contact their card issuer to inform them that their card information may have been compromised. Your card issuer can suggest appropriate steps to protect your account.
Macy’s has added a precaution to help customers protect themselves. It has arranged to have Experian IdentityWorksSM provide identity protection services for 12 months at no cost to affected customers. The activation code for these services is unique to each customer.
Experian can also help customers who believe fraudulent use of their information took place as a result of the data breach incident with the following:
- Helping with contacting…