Macy’s is the latest major company to suffer an online data breach, as the retail chain said hackers may have accessed online customer data, including credit card numbers.
The breach affected “one-half of one percent” of customers who were registered on Macys.com or Bloomingdales.com, spokeswoman Blair Rosenberg told Bloomberg. (Macy’s Inc. is the parent company of Bloomingdale’s.) The company said that hackers were able to take customer data and login information from websites unrelated to Macy’s, and use them for access on Macy’s and Bloomingdale’s sites.
It’s unclear how this happened, as no further information was given, though it’s possible the affected users were using the same user names and passwords for multiple sites, including Macys.com and Bloomingdales.com.
[We’ve long warned readers not to use the same passwords for multiple sites. There’s an easy way to solve this — get a password manager. Check out our roundup.]
Other personal data may have been accessed as well, including birthdates. Macy’s said that social security numbers were not accessed in the breach. The data breach occurred between April 26 and June 10. The questionable profiles have been blocked.
Macy’s is contacting users who have been affected by this incident. It’s notable, however, that there doesn’t seem to be any obvious acknowledgement of the issue on either Macy’s or Bloomingdale’s websites.
According to Bloomberg, Macy’s is offering consumer protection services to those affected customers. It’s a typical response to these breaches, and it likely includes some form of credit monitoring.
One Of Many
Macy’s is far from alone when it comes to major American retail chains affected by recent data breaches. Sears, Delta Air Lines and Best Buy were all affected by the same breach. Restaurant chains have gotten hit as well, including Chili’s and Applebee’s, which both suffered in-store issues affecting payment cards.