The retail giant Macy’s has one of the most popular online shopping websites in the United States, so it comes as no surprise that the company is a lucrative target for attackers. A breach that occurred over the week of October 7th to October 15th, 2019 likely affected thousands of customers and their information, including customer names, addresses, phone numbers, credit card numbers, card verification codes, and expiration dates. This is a result of a credit card skimmer being placed on the company’s website, and while a specific threat group has not been named as a suspect, the many criminal groups known as “Magecart” are notorious for these styles of attacks. As more details emerge regarding this breach, it will be challenging for Macy’s to handle public relations and regaining the trust of customers–the last breach that affected Macy’s resulted in the company becoming the target of a class-action lawsuit.
With the holiday season fast approaching, online retail will become increasingly targeted due to the elevated traffic on websites. Magecart style of attacks has always been a popular attack vector when going after the e-commerce sector. Several security services exist for the purpose of monitoring e-commerce websites for signs that e-skimming code has been inserted into the checkout process. These services, if effective, can provide notification after a website has been breached. A more proactive approach to protecting e-commerce websites is to employ a defense-in-depth strategy to protect the web servers, including access management, multi-factor authentication, and endpoint detection and response capabilities to detect attacker behaviors on servers and workstations.