Hello All. Looks like Macy’s is the latest retailer to get hit be cyber criminals. Macy’s mentioned last week that attackers had obtained the names and passwords of some customers and may even have gained access to their credit card numbers and expiration dates, though not the CVV2 codes, which it does not store. Macy’s claims that the breach was small in scale, only affecting approx. 0.5% of customers registered on macys.com or bloomingdales.com. The breach apparently occurred between April 26 and June 10. On June 11, Macy’s detected the suspicious activity and soon after blocked the profiles in question. Macy’s said it has contacted the affected customers and will provide consumer protection services free of charge.
With a string of retail breaches since Target and Home Depot years ago such as Adidas a few weeks ago, HBC (Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor stores) as well as companies hit by breaches in the last year such as Sears and Kmart, Whole Foods, and Under Armour, it doesn’t look like there is any end to the breaches and that organizations aren’t implementing strong enough controls to protect the valuable customer data they are custodians of.