This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
11/20/2019
Macys.com checkout page hacked; customers advised to be vigilant of fraud
Security Boulevard
American department store chain Macy’s has suffered an embarrassing data breach where hackers gained access to customers’ personal and financial information, including credit card numbers and even card security codes.
In a letter to affected customers, Macy’s reveals that an unknown cybercriminal or group of hackers targeted macys.com with malicious code placed strategically at the checkout page and My Account wallet page in order to grab credit card information usable for fraud.
The company noticed suspicious activity on October 15 and started an investigation. It then learned the hack had occurred more than a week earlier, on October 7, giving attackers plenty of time to exfiltrate enough personal and financial data to be used in fraud and identity theft.
According to the notice, cybercriminals “potentially” accessed customers’: First Name; Last Name; Address; City; State; Zip; Phone Number; Email Address; Payment Card Number; Payment Card Security Code; Payment Card Month/Year of Expiration if the values for these items were typed into the webpage while on either the macys.com checkout page or in the My Account wallet page.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more informationResources
Your electronic library to help in fighting financial fraud for all of our partners.
more information