PYMNTS-MonitorEdge-May-2024

Macy’s Online Customers Warned Of Data Breach

Macy's

After Macy’s cyber tools detected suspicious logins on June 11, the retailer is warning customers about a data breach. The retailer said that a threat targeted the profiles of customers for nearly two months, Detroit Free Press reported.

In a letter to its eCommerce customers, Macy’s said that a third party was behind the suspicious activity, and that party had received information from a non-Macy’s source. Over a period spanning from the end of April to the middle of June, the party made use of user names and passwords to log in to customers’ accounts, and then gained access to names, email addresses, phone numbers, birthdays and payment card information. However, Macy’s said the accounts don’t include Social Security numbers or CVV numbers.

While Macy’s blocked the profiles that it believes to have been compromised, the retailer is asking customers to “remain vigilant.” In addition, Macy’s has arranged for free identity protection to customers impacted by the incident through AllClear ID.

The news comes a few months after Orbitz, a subsidiary of online travel agency Expedia, had announced that it was hit with a data breach in 2016. The company stated that hackers were able to access personal information from about 880,000 payment cards.

According to Reuters, an investigation showed that the breach may have occurred between January 1, 2016 and December 22, 2017 for its partner platform, and between January 1, 2016 and June 22, 2016 for its consumer platform. The website Orbitz.com was not impacted. The exposed information may have included names, phone numbers, email addresses and billing addresses. The company also revealed that the Social Security numbers of U.S. customers were not involved in this breach, which was just discovered in March of this year.

“To date, we do not have direct evidence that this personal information was actually taken from the platform, and there has been no evidence of access to other types of personal information, including passport and travel itinerary information,” Orbitz had said.

PYMNTS-MonitorEdge-May-2024