US-based retailer Macy’s has reported an online data breach, which compromised customers’ personal data including credit card information.

The incident is found to have occurred between April and June this year. It exposed credit and debit card numbers and expiration dates, names, addresses, phone numbers, email addresses and birthdays of customers who shopped online at and

Macy’s said that its cyber threat alert tools identified suspicious login activity, where customer online profiles were accessed using valid usernames and passwords.

The attacker could not access credit verification values (CVV) or social security numbers, as they are not stored on the retailer’s online customer profiles, the retailer noted.

It is believed that the data has been obtained from an unauthorised third party source.

The retailer has blocked the profiles with suspicious activity, which can only be unlocked when a customer changes password for the profile.

In a letter sent to the New Hampshire Attorney General’s Office, Macy’s said that it has notified Mastercard, Visa, American Express and Discover of the exposed card numbers.

The retailer also advised customers to routinely monitor their credit reports and alert the concerned card company in case of any unauthorised transactions.