The Rippleshot Data Breach Blog

What Financial Institutions Should Know About the Macy's Online Data Breach

Written by Anna Kragie | Nov 22, 2019 5:47:44 PM

News broke this week that Macy's online payment portal on its ecommerce site was hacked by Magecart, a cyber criminal group known for injecting payment card skimmers into ecommerce websites. From what's been reported, we know payment data stolen was submitted by shoppers onto payment/checkout pages. 

Macy’s reported that it received an alert about "a suspicious connection between macys.com and another website,” which led to an immediate investigation. The hacker group reportedly injected computer code onto two pages at macys.com: The checkout page if credit card data was entered and an order was placed, and the wallet page of a shopper’s account page.

The questions left for financial institutions is what can they do about it, how can they protect their cardholders and how can they protect themselves in the future? We answer those questions in our latest breach alert. 

The card data breach on macys.com was discovered 7 days after it was believed to have occurred. Reports indicate a card-skimming script was injected onto the online payment portal on Oct. 7 and discovered on Oct. 15 It's believed that names, addresses, ZIP codes, email addresses, payment card numbers, card security codes, and expiration dates were breached. The impacted number of consumers is unknown. 

Want to know what you should do to proactively protect your cardholders from the fallout of this data breach? Click the button above to download our full breach tips.