Macy’s has announced a data breach after its website was compromised with code that steals shoppers’ payment information. The compromise took place in early October, when a malicious script was added to the My Wallet and Checkout pages, Bleeping Computer reported.
As Macy’s said in a letter posted by the outlet, “On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website. Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, 2019 an unauthorized third party added unauthorized computer code to two (2) pages on macys.com.”
The statement continued, “We are aware of a data security incident involving a small number of our customers on Macys.com. We have investigated the matter thoroughly, addressed the cause and have implemented additional security measures as a precaution. All impacted customers have been notified, and we are offering consumer protections to these customers at no cost.”
In separate news, security researcher Willem de Groot discovered that credit card-stealing malware had been placed in the code of the American Cancer Society’s online store. The malicious code was deeply buried and made to appear as analytics code. It was intended to scrape credit card numbers for sale on the dark web or for other malicious activities.
There have been similar attacks on Newegg, British Airways, Ticketmaster and AeroGarden. The attackers were reportedly part of the Magecart hacking group.