Macy’s Data Breach Will Have Aftershocks As Well
‘Tis the season to be wary. That is the very unfestive truth, at least for this year it seems, as department store Macy’s has warned that web skimmer malware was discovered on the Macys.com website last month, collecting a small number customers’ payment card information. The attack has been linked to Magecart, an umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites.
Macy’s sent out a data breach notice to their customers that stated, in part, “An unauthorized third party added unauthorized computer code to Macys.com on Oct. 7. The code, which was discovered and removed on Oct. 15, was collecting customers’ first and last names, addresses, phone numbers and email addresses, payment card information including number, security code, and expiration dates.”
The retail giant added that they felt there was no reason to believe that the incident could be used by cybercriminals to open new accounts in the affected customer’s names. The statement continued, “Nonetheless, you should remain vigilant for incidents of financial fraud and identity theft by regularly reviewing your account statements and immediately report any suspicious activity to your card issuer.”