An Oct. 15 data breach exposed Macy’s customer information to hackers, according to a company letter sent to customers on Nov. 14.
Macy’s was alerted to a suspicious connection between Macys.com and another website on Oct. 15, and based on an investigation thereafter, found that an unauthorized third party added an unauthorized computer code to Macys.com’s checkout page and wallet page on Oct. 7.
Macy’s personnel removed the unauthorized code on the day it was discovered.
Potentially accessed information includes first and last names, addresses, phone numbers, email addresses, and payment card information. However, there is no reason to believe that this “could be used by cybercriminals to open new accounts in your name,” according to the letter.
“We quickly contacted federal law enforcement and brought in a leading class forensics firm to assist in our investigation,” the letter said. “We have reported the relevant payment card numbers to the card brands (i.e. Visa, Mastercard, American Express, and Discover). In addition, we have taken steps that we believe are designed to prevent this type of unauthorized code from being added to Macys.com.”
Consumers who believe that there was fraudulent use of their information as a result of this breach should contact an Experian agent, the letter said.
A Macy’s spokesperson told NJBIZ via email that the incident affected “a small number of customers during a one-week period.”
“Affected customers have been notified and will receive additional information, including instructions on how to enroll in consumer protection services at no cost. Security and privacy remain our priority,” the spokesperson said.=