Get Started Now! Get Your Credit Repair Do It Yourself!!

How to Check If You Have Been Affected

New IdentityTheft Scam

Macy’s has written to customers that have been affected by a data breach, just ahead of its Q3 earnings and the Black Friday shopping season.

In a letter dated November 14, the company said: “On behalf of Macy’s, we are writing to inform you about a recent incident involving unauthorized access to personal information about you on macys.com.”

The letter goes on to say that on October 15, 2019, the company was made aware of a suspicious connection between the domain macys.com and another website.

Macys.com was affected by the Magecart cybercrime syndicate, which has potentially stolen customer personal data, including payment card details.
Macy’s

“Based on our investigation, we believe that on October 7, 2019 an unauthorized third party added unauthorized computer code to two pages on macys.com. The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two macys.com pages,” the company said. These were the checkout page and the wallet page.

What Information Was Stolen From Macy’s?

While the code was removed on October 15, 2019, according to the company, the following information potentially could have been accessed:

  • First Name
  • Last Name
  • Address
  • City
  • State
  • Zip
  • Phone Number
  • Email Address
  • Payment Card Number
  • Payment Card Security Code
  • Payment Card Month/Year of Expiration

Macy’s has confirmed that “customers checking out or interacting with the My Account wallet page on a mobile device or on the macys.com mobile application” were not affected.

What is Magecart?

According to ZDNet, this was a “Magecart” attack. RiskIQ explains that Magecart is a cybercrime syndicate that specialize in digital credit card theft.

The operatives gain access to websites either directly or via third-party services and use malicious JavaScript to steal data shoppers enter into online payment forms on checkout pages.

Other companies that have fallen foul to this type of breach are Ticketmaster and British Airways, according to the security company.

How Can You Find Out Whether You Were Affected By the Macy’s Data Breach?

According to Macy’s, there are number of ways customers can ascertain whether they’ve been affected:

  • Customers should remain vigilant for incidents of financial fraud and identity theft by regularly reviewing account statements and immediately report any suspicious activity to their card issuer.
  • Contact their card issuer to inform them that their card information may have been compromised. Your card issuer can suggest appropriate steps to protect your account.

Macy’s has added a precaution to help customers protect themselves. It has arranged to have Experian IdentityWorksSM provide identity protection services for 12 months at no cost to affected customers. The activation code for these services is unique to each customer.

Experian can also help customers who believe fraudulent use of their information took place as a result of the data breach incident with the following:

  • Helping with contacting creditors to dispute charges and close accounts.
  • Assisting in placing a freeze on customer’s credit file with the three major credit bureaus.
  • Assisting with contacting government agencies to help restore identity.

Macy’s also encourages its customers to activate the “fraud detection tools” available through Experian IdentityWorks, which is complimentary for 12 months. This product provides identity detection and resolution of identity theft. Customers need to follow the steps below, according to Macy’s:

  • Ensure that you enroll by November 30, 2020, as the activation code will not work after this date.
  • Visit the Experian IdentityWorks website to enroll: https://www.experianidworks.com/identity
  • Provide the activation code provided by Macy’s.
  • Customers can also contact Experian’s customer care team on 855-557-2999 by November 30, 2020, for assistance.

Macy’s also reminds its customers that a credit card will not be required for enrollment to Experian IdentityWorks.

“We are aware of a highly sophisticated and targeted data security incident related to macys.com that affected a small number of customers during a one-week period in October,” a spokesperson from Macy’s told Newsweek. “Our security teams quickly engaged a leading forensic firm to remove the threat.

“Details of this incident were reported to federal law enforcement for investigation and to assist other websites in managing this threat. Affected customers have been notified and will receive additional information, including instructions on how to enroll in consumer protection services at no cost. Security and privacy remain our priority.”

This article was updated to include a statement from Macy’s.



Source: on 2019-11-21 07:01:45

Read More At Source Site

Add a Comment

Your email address will not be published. Required fields are marked *

+ 33 = 41