Macy’s Customer Payment Info Stolen in MageCart Data Breach
American department store chain Macy’s announced that they suffered a data breach in October, resulting in customer payment information being exposed. The attack, called a MageCart attack, involves hackers compromising a website and using malicious scripts to steal information submitted when a customer purchases an item. Macy’s was not aware of the hack for an entire week after the site was breached. Attackers were able to access customer information, including customer’s first and last name, address, phone number, card number, security code, expiration date, and email address.
Macy’s announced that they had hired a forensics firm to investigate the breach, and they have since contacted credit card brands Visa, American Express, Discover, and Mastercard. Macy’s stated that they have adopted additional security measures to prevent future attacks. All impacted customers were contacted and advised to monitor credit card statements, as well as offering customers affected a free year of Experian IdentityWorks credit monitoring service.