Macy’s Suffers Online Data Breach

Macy’s is the latest major company to suffer an online data breach, as the retail chain said hackers may have accessed online customer data, including credit card numbers.

The breach affected “one-half of one percent” of customers who were registered on Macys.com or Bloomingdales.com, spokeswoman Blair Rosenberg told Bloomberg. (Macy’s Inc. is the parent company of Bloomingdale’s.) The company said that hackers were able to take customer data and login information from websites unrelated to Macy’s, and use them for access on Macy’s and Bloomingdale’s sites.

It’s unclear how this happened, as no further information was given, though it’s possible the affected users were using the same user names and passwords for multiple sites, including Macys.com and Bloomingdales.com.

Other personal data may have been accessed as well, including birthdates. Macy’s said that social security numbers were not accessed in the breach. The data breach occurred between April 26 and June 10. The questionable profiles have been blocked.

Macy’s is contacting users who have been affected by this incident. It’s notable, however, that there doesn’t seem to be any obvious acknowledgment of the issue on either Macy’s or Bloomingdale’s websites.

According to Bloomberg, Macy’s is offering consumer protection services to those affected customers. It’s a typical response to these breaches, and it likely includes some form of credit monitoring.

One Of Many

Macy’s is far from alone when it comes to major American retail chains affected by recent data breaches. Sears, Delta Air Lines, and Best Buy were all affected by the same breach. Restaurant chains have gotten hit as well, including Chili’s and Applebee’s, which both suffered in-store issues affecting payment cards.