The retail firm, Macy’s, announced yesterday that the company’s ecommerce site was accessed by an unauthorized third party from “an outside source.” The hacker had used valid usernames and passwords to gain access. The breach occurred from April 26 to June 12th of this year, and exposed some customer’s profiles, email addresses, dates of birth, and credit card numbers with expiration dates. The compromised data did not include the credit card security numbers. Macy’s official statement said that they were “aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com,” were investigating the cause, and were putting new security measures in place. They said they were notifying the affected customers via email and will offer free consumer protection services to those whose data has been compromised. Macy’s urged their consumers to change their passwords and have frozen the accounts of those affected until they do so.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased