Macy’s sent a letter to customers Tuesday, informing them of a data breach that compromised credit card information. On October 15th, Macy’s discovered unauthorized code on two specific pages of their online storefront. Hackers successfully installed card skimming code on the “Checkout” and “My Wallet” pages of macys.com. Macy’s says the code was added to these pages on October 7th and discovered and removed on October 15th.
The information skimmed by hackers was First Name, Last Name, Address, City, State, Zip, Phone Number, Email Address, Payment Card Number, Payment Card Security Code, Payment Card Expiration Date. Information stolen was used to “Checkout” or added to the customer’s “My Wallet” between the 7th and the 15th from a desktop computer. Macy’s claims mobile orders were not affected. Customers affected will be contacted and offered consumer protection at no cost.
What this means for you:
If you shop on the Macy’s web site, keep an eye on the credit cards you use or have remembered on that site.
If you think your card was compromised, contact Macy’s for a consumer protection code key. Macy’s is teaming up with Experian IdentityWorks for this service.
Now that this is a known issue, be on the lookout for phishing campaigns to ride on the coattails of this event. As we always advise, don’t click on links in emails that are asking for username and password. Instead go directly to Macys.com or call to find out next steps.
For a quick refresher, click here to watch our video on phishing.
If you know you used a card between the dates listed on macys.com, call the cardholder and have them issue you a new card to head off any future issues.
Quanexus IT Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
