Macys & Bloomingdales Customer Accounts Breached
Attivo Networks Blogs

Unauthorized party accesses Macys.com and Bloomingdales.com customer accounts

For nearly two months, an unauthorized party reportedly used stolen usernames and passwords to log into the online accounts of certain Macys.com and Bloomingdales.com customers.

The breach took place from April 26 through June 12, compromising data such as full names, addresses, phone numbers, email addresses, birthdays, and payment card numbers with expiration dates, according to a July 6 report in the Detroit Free Press.

The incident was detected by Macy’s cyber threat alert tools on June 11, and no CVV or Social Security numbers were affected, the retailer told customers in a letter last week, the Free Press further reports. Macy’s has blocked the compromised customer profiles, which can only be reactivated if their rightful owners change their passwords.

“We are aware of a data security incident involving a small number of our customers at Macys.com and Bloomingdales.com,” reads a brief corporate statement, sent to SC Media today. “We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.”

John Gunn, CMO at OneSpan, wasn’t particularly impressed with Macy’s statement. “Macy’s declaration that they have added additional security measures as a precaution is like saying you have added fire extinguishers after the building has burnt to the ground,” said Gunn in an emailed statement. “Private citizens have no way of knowing if the firms that they have trusted are implementing proper security measures and the frequency with which breaches continue to occur would indicate that this is not the case. Most firms implement necessary security, such as multifactor authentication, but additional regulation is needed to ensure that all of them do.”
