Macy’s falls victim to hack exposing customer data

The Hack itself

Popular department store Macy’s looks to have been hit with a card skimming hack, similar to this one involving British Airways.

Hackers were able to capture customer data including names, addresses and other personal data alongside credit card numbers, expiry dates and CCV codes. The breach took place between the 7th and 15th of October and as yet it is unclear how many customers have been affected.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.

With Black Friday coming up this could have been even more disastrous and we urge retailers to take stock of their security ahead of this event (as well as just in general). The hack appears to also have affected Macy’s stocks with a decline of 11%.

This is not the first time Macy’s have been hacked either with a months-long breach occurring last year which resulted in stolen passwords and financial details.


How to avoid these kinds of hacks

No specific details have been provided about the nature of the hack as yet. This may have been due to third party software but it’s also entirely possible hackers gained access via a common vulnerability and were able to add the malicious code from the inside.
There are lots of ways to check for these vulnerabilities and as we always say prevention is better than the cure so it’s important to be constantly checking your security posture. See our other posts for some general tips on how to improve IT security and also how AppCheck scans for OWASP Top 10 vulnerabilities.


For more information please feel free to reach out to us and of course don’t forget AppCheck offers a free vulnerability assessment. Sign-up below.

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

Start your free trial

Your details
IP Addresses

Get in touch

Please enable JavaScript in your browser to complete this form.