Macy's customers shopping online may have had their credit card info stolen
Names, addresses, phone numbers and email addresses were also captured in a cyber attack in October.
- I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Macy's has suffered a data breach.
Macy's has told customers about a data breach on its online shopping site, where credit card information may have been stolen back in October. As reported earlier Tuesday by CNET sister site ZDNet, the breach was caused by a Magecart card-skimming code implanted in the payment portal.
In a letter to customers, Macy's said it was alerted on Oct. 15 of a "suspicious connection" between its site and another. It discovered after investigating that on Oct. 7, unauthorized computer code was added to two pages on macys.com, allowing a third party to capture customer information at the checkout page and the wallet page.
The code was removed by Macy's on Oct. 15.
Macy's says the info accessed could include customer names, addresses, phone numbers and email addresses in addition to payment card numbers, expiries and security codes. Customers using the mobile app were not affected.
The department store has contacted federal law enforcement, as well as Mastercard, American Express, Visa and Discover. It says it has also "taken steps" to prevent it from happening again.
