When you boast to be the world’s largest anything, you’re practically issuing a challenge not just to competitors but also to criminal elements to try their luck in taking you down. When you are one of the US’ largest department stores, you definitely have a large target on your back, tempting hackers to try and make a profit at your customers’ expense. That is the horrifying truth that Macy’s and “a small number” of its customers have discovered last month after the retailer’s online store was compromised, allowing hackers to get away with some shopper’s credit card information.
Like all of the worst hacking incidents, this happened silently with none the wiser until an anonymous security researcher tipped Macy’s on October 15. By then, however, the data breach has already been in operation for 8 days, running away with critical customer data.
The data that was pilfered by this breach is frighteningly exhaustive. According to Bleeping Computer, the attackers were able to get access to customer’s names, addresses, phone numbers, emails, payment card numbers, security codes, and expiration dates. In other words, the exact data needed to use those cards for fraudulent purchases.
The only good thing about this incident is that, unlike a database breach, these pieces of data could only be stolen if the customer put them in the compromised pages. Unfortunately, those pages were the checkout page and the user Wallet page. Still, Macy’s claims that only a small percentage of its customers were affected and have already initiated countermeasures, including offering credit card monitoring for affected customers.