Home GDPR #Privacy: Macy’s announces Magecart data breach 
GDPR - November 19, 2019

#Privacy: Macy’s announces Magecart data breach 

According to a “Notice of Data Breach” issued by Macy’s, online customers had their card details skimmed due to a Magecart attack. 

The US department store stated that it was alerted of a data breach on October 15, 2019 regarding a suspicious connection between macys.com and another website. 

Following an investigation, it is believed that an unauthorised third party added malicious script to two pages on macys.com on October 7, 2019. The script was added to the “Checkout” and “My Wallet” pages. 

The malicious script was removed on the same day it was identified, however customers that placed online orders or submitted their financial details prior to the code being removed – may have had their information stolen. 

Threat actors may have potentially accessed personal information and financial credentials including first name; last name; address; city; state; zip; email address; phone number; payment card number; payment card security code; payment card month/year of expiration – if these were submitted into the compromised page. 

Macy’s have notified law enforcement and hired a leading class forensics firm to assist with their investigation. In addition, all relevant card brands (i.e Visa, Mastercard, Discover and American Express) have also been alerted. 

In the notice, Macy’s wrote: “There is no reason to believe that this incident could be used by cybercriminals to open new accounts in your name. Nonetheless, you should remain vigilant for incidents of financial fraud and identity theft by regularly viewing your account statements and immediately reporting any suspicious activity to your card issuer.”

Macy’s told BleepingComputer that only a small amount of customers were impacted, and that additional security measures have been implemented to prevent this from occurring again. 

Macy’s has also arranged to have Experian IdentityWorks to provide its customers with identity protection services for 12 months at no additional cost. 

The post #Privacy: Macy’s announces Magecart data breach  appeared first on PrivSec Report.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Getting employees invested: Overcoming complacency to emphasize security

Your employees are the key to smarter security. Learn how you can re-establish company sec…