Macy’s Customer Data Breach Exposes Credit Card Numbers, PII

Macy’s Customer data has been hijacked by hackers according to a notice posted by the company. The information posted reveals details about the security incident reveals that soon after the automated security systems detected the malicious user their accounts have been blocked. However Macy’s customer data may have been obtained by the criminal.

Here’s What We Know Macy’s Customer Data Breach

Macy’s published a Notice of Data Breach message giving details on the latest hacker intrusion — the hijacking of their company’s customer data. The document gives on details on the currently known information about the Macy’s customer data breach.

The notification reads that on June 11 2018 their automated cybersecurity software reported suspicious login activities that were related to certain online profiles on their online shop. This is the first reported instance of the hacker’s intrusion wherein they used valid combinations of usernames and passwords. Following this trigger a security investigation concluded that the login attempts were not done by the users, they are attributed to a malicious actor.

The origins of the harvested account profiles has resulted into an analysis of all prior login attempts. The security team reports that it is believed that between approximately April 26 and June 12 the hacker or criminal group behind the customer data breach have logged in to the systems. It is believed that the credentials were obtained from sources other than Macy’s systems as no vulnerabilities in their servers have been identified.

The login attempts resulted in the customer data hijacking of personal data stored in Macy’s systems. This includes the following:

  • First and Last Name.
  • Full Address.
  • Phone Number.
  • Email Address.
  • Birthday (Month & Day only).
  • Debit/Credit Card Number.
  • Debit/Credit Card Expiration Dates.

The Macy’s breach notification message (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/macys-customer-data-breached-security-investigation-underway/