View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. News
  2. Company news
July 13, 2018updated 24 Jan 2022 7:21am

Macy’s online data breach exposes customer card data

US-based retailer Macy’s has reported an online data breach, which compromised customers’ personal data including credit card information.

The incident is found to have occurred between April and June this year. It exposed credit and debit card numbers and expiration dates, names, addresses, phone numbers, email addresses and birthdays of customers who shopped online at and

Macy’s said that its cyber threat alert tools identified suspicious login activity, where customer online profiles were accessed using valid usernames and passwords.

The attacker could not access credit verification values (CVV) or social security numbers, as they are not stored on the retailer’s online customer profiles, the retailer noted.

It is believed that the data has been obtained from an unauthorised third party source.

The retailer has blocked the profiles with suspicious activity, which can only be unlocked when a customer changes password for the profile.

In a letter sent to the New Hampshire Attorney General’s Office, Macy’s said that it has notified Mastercard, Visa, American Express and Discover of the exposed card numbers.

The retailer also advised customers to routinely monitor their credit reports and alert the concerned card company in case of any unauthorised transactions.


Topics in this article: ,
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Electronic Payments International