Malicious Web Code Added To Macy’s Website Leads to Critical Data Breach
PALM BEACH, FL – Right at the start of the year’s busiest shopping season, retailer Macy’s notified impacted customers (by letter) that an unauthorized third party was able to access sensitive customer payment information from the Macys.com checkout and wallet pages.
The following information may have been accessed if it was typed into the affected web-pages by a customer:
- Payment card numbers
- Payment card security codes
- Payment card expiration dates
- Full names
- Addresses
- Phone numbers
- Email addresses
The breach affected an undisclosed number of customers who entered credit card data and hit the “place order” button on the Macys.com checkout page or who accessed the wallet page through the My Account section of the website.
The unauthorized access occurred due to malicious code added on October 7 and removed by Macy’s on October 15. Customers checking out or interacting with the MyAccount wallet page on a mobile device or on macys.com mobile app were not affected. It has been reported that Macy’s has notified all impacted customers.
Macy’s is recommending customers review their credit card statements and promptly report any unauthorized activity. Customers aren’t responsible for unauthorized charges they promptly report to financial institutions.
About The Author: John Colascione is Chief Executive Officer of SEARCHEN NETWORKS®. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a how-to book called ”Mastering Your Website‘, and is a key player in several online businesses.
