data breach, hacked

Payment Info Stolen from Online Store

Macy's, a popular American department store chain, announced that their website has been hacked and for a week leaked customer payment information. The store became a victim of a well-known type of compromise, called MageCart, in which hackers inject malicious script into sections of a website to steal information submitted by the customer.

In this particular case, two pages has been compromised: "Checkout" and "My Wallet", which enabled the hacker to gather sensitive information such as: customer's first and last names, address, phone number, email address, payment card number, its security code, and month/year of expiration. Macy's website has been hacked on October 7th, but the company has been alerted about it only on October 15th. They succeeded in removing the malicious code, however, at the time, the website had been breached already for a week.

All online shoppers are advised to take special care, especially with Black Friday and Cyber Monday so near - hackers increase their malicious attempts at busy times like this.

Author image

About Ariadna Pawluk

Cybersecurity enthusiast, hunting all the freshest news, insights and tidbits.