Will a hack ruin Macy’s Christmas?
Photo: @mtardan via Twenty20

It’s becoming an annual event at Macy’s, and not the good kind like Thanksgiving Day parades or Fourth of July fireworks. For the second year in a row, the department store retailer has informed customers that its system has been breached, exposing their personal and financial information to hackers. The news comes at arguably the worst time possible for the chain as it heads into the Christmas selling season.

Macy’s, which said the breach lasted between Oct. 7 and 15, did not provide the number of accounts affected. The retailer said that hackers gained access by attaching malicious code on the “Checkout” and “My Wallet” pages on macys.com. The data thieves captured the customers’ first and last names, home addresses, emails, payment card numbers, security codes and expiration dates.

The retailer has said that its website has been cleaned of the malicious code and that it has notified law enforcement and hired a forensics team to assist in the breach investigation.

Macy’s, which has mailed out notices to customers, is offering a free year of Experian credit monitoring to those who were affected.

The department store retailer suffered a data breach last year that lasted between April 26 and June 12. During that time, hackers gained access to customers’ usernames and passwords through macys.com and bloomingdales.com. At the time, Macy’s said it had “implemented additional security measures” to protect sensitive customer information from data thieves. 

Macy’s share price fell 11 percent yesterday in response to the data breach news and concerns over how it could affect the retailer’s traffic and sales numbers during the holidays.

BrainTrust

“While this news is certainly the last thing Macy’s needs, I am not sure it will be the deciding factor for them this holiday season.”

Dave Bruno

Director, Retail Market Insights, Aptos


“I’m afraid that Santa was planning a lump of coal for Macy’s before the data breach…”

Patricia Vekich Waldron

Contributing Editor, RetailWire; Founder and CEO, Vision First


“Unfortunately, these kinds of data breaches have become routine, to the point where shoppers react with a shrug.”

Dick Seesel

Principal, Retailing In Focus LLC

Share Your Opinion

DISCUSSION QUESTIONS: Will news of the Macy’s data breach negatively affect its holiday sales performance? Does Macy’s need to take steps other than those already taken to deal with the public reaction and underlying weaknesses in its systems?

Leave a Reply

How likely is Macy’s data breach to negatively affect its holiday sales performance?

View Results

Loading ... Loading …

24 responses to “Will a hack ruin Macy’s Christmas?”

  1. Neil Saunders Avatar
    Neil Saunders

    This won’t be helpful and there will be some negative consumer perception as a result of the hack. However, to be frank, Macy’s was never on course for a particularly happy holiday. The retail basics are not in place to support growth. In my view, this will only serve to make things worse.

    1. Jeffrey McNulty Avatar
      Jeffrey McNulty

      I concur with your assessment, Neil. This will only damage their brand even further.

  2. Suresh Chaganti Avatar
    Suresh Chaganti

    One of the problems is, it is not uncommon to use same userid/password combo on multiple sites. This means, a breach on one website can have a collateral impact on others. The compromise of Disney+ earlier this week is also case in point. Unfortunately, data breaches have become new normal, and it may have a short term blip for Macy’s for few days, but the silver lining for Macy’s is that this did not blow up a week from now.

  3. Dick Seesel Avatar
    Dick Seesel

    Unfortunately, these kinds of data breaches have become routine, to the point where shoppers react with a shrug. Macy’s holiday outlook rests with its merchandising, store experience and marketing strategies…good or bad.

  4. Zel Bianco Avatar
    Zel Bianco

    Unfortunately this is a reality of online commerce. It is also a reality that it is the responsibility of the merchant to make sure that their systems remain safe at all times. That this has happened again at Macy’s is proof that either not enough was done to prevent this from happening again or that, no matter what is done, it seems it is never enough to keep one step ahead of the bad people that want to do harm to Macy’s. Macy’s and all merchants need to do more but cybersecurity is a moving target and it will always be very challenging to stop this 100 percent of the time.

  5. Jeff Sward Avatar
    Jeff Sward

    This is an unfortunate development. My local Macy’s is in a solid B mall and looks better recently than it has in the last couple years. Inventory levels seem to be in control. Presentation standards are very much improved, even if every fixture has a sale sign on top. Cash/wraps are manned. It looks like a very real effort at improving on the basics is in motion. A data breach is the last thing any retailer needs.

  6. Dave Bruno Avatar
    Dave Bruno

    Sadly, breaches have become so common I am not convinced they have significant impacts on consumer behaviors anymore. While this news is certainly the last thing Macy’s needs, I am not sure it will be the deciding factor for them this holiday season.

  7. Rich Kizer Avatar
    Rich Kizer

    How horrible. Strike one and now strike two? There comes a point where consumer confidence is shaken to a deeper and more dangerous level. This is the last thing Macy’s needed, and frankly their answer/actions must be believable, which is going to be hard. This is one bad place for Macy’s to be at this time.

    1. Jeffrey McNulty Avatar
      Jeffrey McNulty

      I completely agree with you, Rich. This type of behavior is unacceptable for the second time in two years. I would not feel confident shopping at Macy’s this holiday season.

  8. Cynthia Holcomb Avatar
    Cynthia Holcomb

    Two data breaches within two years, especially at customer-facing “checkout” and “my wallet” tools is unacceptable. The negative effect on holiday sales will depend upon the reach of media coverage of Macy’s latest breach. As a shopper who has to personally deal with the unnecessary time spent dealing with their credit card info being stolen, why take the chance to shop Macy’s just to buy Aunt Sue a Christmas sweater? Amazon awaits.

  9. Paula Rosenblum Avatar
    Paula Rosenblum

    The only retail data breach I can recall that caused a stir was the Target breach several years ago. But it wasn’t the breach itself that created ill will — it was the company’s response, which was to arbitrarily put limits on all its corporate debit cards, instead of just issuing new ones. One lesson I learned from that was to never shop using a debit card. Ever. The laws are too sketchy.

    A credit card breach in and of itself rarely bothers consumers. The liability all lives elsewhere.

  10. Paco Underhill Avatar
    Paco Underhill

    Both major merchants and brands are facing major breaches of consumer trust. It is a poison that is fueling shifts in consumer shopping patterns. As the analog results of digital flaws become more real – what will consumer response be? It is not just a Macy’s issue.

  11. Mel Kleiman Avatar
    Mel Kleiman

    Just another hack. They have become so common that most people just seem to ignore them and think it is a part of having to live with the internet. It does not seem to cause any real damage to the retailer who is hacked.

  12. Cathy Hotka Avatar
    Cathy Hotka

    This won’t affect Macy’s holiday sales, but it may affect Macy’s performance on Wall Street. Let’s hope this is the last such story we hear during the season.

  13. Patricia Vekich Waldron Avatar
    Patricia Vekich Waldron

    I’m afraid that Santa was planning a lump of coal for Macy’s before the data breach …

  14. James Tenser Avatar
    James Tenser

    Another day, another data hack. Seems like the only people getting upset are Wall Street investors (and I suspect some of them are using this incident as an opportunity to create volatility). For the rest of us, any real presumption of data privacy has been out the window for years. Macy’s is handling this matter appropriately under the circumstances. It needs to keep its eye on the prize this holiday season, and not use this data breach as an excuse for lackluster performance.

  15. Doug Garnett Avatar
    Doug Garnett

    Consumers are becoming immune to these announcements because they’ve been coming so constantly and from such big players. Certainly “consumer groups” will raise a fuss.

    It isn’t likely to affect Macy’s holiday sales performance. But we should expect it to be one of the reasons Macy’s gives for missing their holiday numbers.

    As to other steps? The security business should stop trying to sell the myth that it’s possible to eliminate all breaches and accept they are inevitable. That would mean a shift to minimizing exposure of data when there IS a breach.

  16. David Naumann Avatar
    David Naumann

    Macy’s most recent data breach may cause some customers to avoid shopping on their website. However, many consumers may be becoming a little numb to these announcements, as they seem to be happening across all industries – even beyond retail (e.g., Facebook, healthcare, etc.).

  17. Ricardo Belmar Avatar
    Ricardo Belmar

    It certainly won’t help matters, but Macy’s has a lot of irons in the fire so to speak to try and create a happy holiday sales story. I suspect this will be a blip and most customers won’t slow down their shopping as a result. Macy’s still has a job to do to get those customers in their stores and on their website and mobile app. The real question is, has Macy’s done enough to attract those customers in the first place? I think they have a number of positives happening but the final details are always in the execution at scale and this is historically where Macy’s suffers. Data breaches may impact those consumers that were on the fence about shopping and buying at Macy’s but I expect this won’t push too many away.

  18. Ryan Mathews Avatar
    Ryan Mathews

    I’m sure it will, although — given Macy’s other problems — I’m not sure how the impact could, or should, be calculated. I’m not sure how Macy’s addresses customer concerns unless they, in fact, take radical and sustainable steps to securing its database.

  19. Ken Lonyai Avatar
    Ken Lonyai

    It’s very unfortunate that so many here are acquiescent about yet another data hack. Sure those unaffected by stolen data will lose sight of it in the information overload, but those whose data is abused can face years of serious heartache and in some cases life altering issues.

    Companies are able to get away with service level agreements stating things like “industry standard data protection.” When the industry standard is to have poor safeguards, PR spin, and a year of credit monitoring service, the industry is weak and unfortunately may need government regulation.

  20. Shep Hyken Avatar
    Shep Hyken

    It doesn’t help, but at the same time, hacks are (unfortunately) more and more common. There are bad people out there who will also be able to hack the system, regardless of all the effort to safeguard the data. How to combat a customer’s fear? There are insurance policies companies take out to give their customers peace of mind.

    It’s important for retailers to let customers know in advance what they are doing to prevent breaches, and if they happen, how they react and handle the situation. A major company once shared with me how many times cyber-criminals try to hack into their system. It wasn’t every once in a while. It was hundreds of times each day, and that’s a conservative number. Every company, not just Macy’s, needs to help their customers understand the lengths they go to to protect their customers’ data.

  21. Craig Sundstrom Avatar
    Craig Sundstrom

    No and no. That probably few of us even remember there was a “prior incident” is telling as to how frequent these have become and as a result how immune we’ve become to paying attention to them; something that is both good and bad for the impacted retailers, and society at large.

  22. Jeffrey McNulty Avatar
    Jeffrey McNulty

    This is unacceptable to happen a second time in two years. Lately, every year we are exposed to information about the profusion of retail breaches that are inundating the retail sector with the same inevitable outcome: sensitive customer information was extracted from a retailer’s website, servers, or mainframe. Consumers’ trust is waning in the face of the frequent security breaches that are becoming pervasive.

    Retailers need to go on the offensive (institute a proactive not reactive strategy) and start implementing preventive measures BEFORE a breach occurs. This type of behavior can and will damage a retailer’s brand, reputation, and future.

    I concur with Neil Saunders’ assessment of Macy’s not having a strong holiday season anyway.

Share Your Opinion

DISCUSSION QUESTIONS: Will news of the Macy’s data breach negatively affect its holiday sales performance? Does Macy’s need to take steps other than those already taken to deal with the public reaction and underlying weaknesses in its systems?

Leave a Reply

How likely is Macy’s data breach to negatively affect its holiday sales performance?

View Results

Loading ... Loading …
24 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Neil Saunders
Neil Saunders
Noble Member
3 years ago

This won’t be helpful and there will be some negative consumer perception as a result of the hack. However, to be frank, Macy’s was never on course for a particularly happy holiday. The retail basics are not in place to support growth. In my view, this will only serve to make things worse.

7
Jeffrey McNulty
Jeffrey McNulty
Reply to  Neil Saunders
3 years ago

I concur with your assessment, Neil. This will only damage their brand even further.

0
Suresh Chaganti
Suresh Chaganti
Member
3 years ago

One of the problems is, it is not uncommon to use same userid/password combo on multiple sites. This means, a breach on one website can have a collateral impact on others. The compromise of Disney+ earlier this week is also case in point. Unfortunately, data breaches have become new normal, and it may have a short term blip for Macy’s for few days, but the silver lining for Macy’s is that this did not blow up a week from now.

2
Dick Seesel
Dick Seesel
Active Member
3 years ago

Unfortunately, these kinds of data breaches have become routine, to the point where shoppers react with a shrug. Macy’s holiday outlook rests with its merchandising, store experience and marketing strategies…good or bad.

4
Zel Bianco
Zel Bianco
Active Member
3 years ago

Unfortunately this is a reality of online commerce. It is also a reality that it is the responsibility of the merchant to make sure that their systems remain safe at all times. That this has happened again at Macy’s is proof that either not enough was done to prevent this from happening again or that, no matter what is done, it seems it is never enough to keep one step ahead of the bad people that want to do harm to Macy’s. Macy’s and all merchants need to do more but cybersecurity is a moving target and it will always be very challenging to stop this 100 percent of the time.

1
Jeff Sward
Jeff Sward
Active Member
3 years ago

This is an unfortunate development. My local Macy’s is in a solid B mall and looks better recently than it has in the last couple years. Inventory levels seem to be in control. Presentation standards are very much improved, even if every fixture has a sale sign on top. Cash/wraps are manned. It looks like a very real effort at improving on the basics is in motion. A data breach is the last thing any retailer needs.

2
Dave Bruno
Dave Bruno
Member
3 years ago

Sadly, breaches have become so common I am not convinced they have significant impacts on consumer behaviors anymore. While this news is certainly the last thing Macy’s needs, I am not sure it will be the deciding factor for them this holiday season.

3
Rich Kizer
Rich Kizer
Member
3 years ago

How horrible. Strike one and now strike two? There comes a point where consumer confidence is shaken to a deeper and more dangerous level. This is the last thing Macy’s needed, and frankly their answer/actions must be believable, which is going to be hard. This is one bad place for Macy’s to be at this time.

3
Jeffrey McNulty
Jeffrey McNulty
Reply to  Rich Kizer
3 years ago

I completely agree with you, Rich. This type of behavior is unacceptable for the second time in two years. I would not feel confident shopping at Macy’s this holiday season.

0
Cynthia Holcomb
Cynthia Holcomb
Member
3 years ago

Two data breaches within two years, especially at customer-facing “checkout” and “my wallet” tools is unacceptable. The negative effect on holiday sales will depend upon the reach of media coverage of Macy’s latest breach. As a shopper who has to personally deal with the unnecessary time spent dealing with their credit card info being stolen, why take the chance to shop Macy’s just to buy Aunt Sue a Christmas sweater? Amazon awaits.

2
Paula Rosenblum
Paula Rosenblum
Active Member
3 years ago

The only retail data breach I can recall that caused a stir was the Target breach several years ago. But it wasn’t the breach itself that created ill will — it was the company’s response, which was to arbitrarily put limits on all its corporate debit cards, instead of just issuing new ones. One lesson I learned from that was to never shop using a debit card. Ever. The laws are too sketchy.

A credit card breach in and of itself rarely bothers consumers. The liability all lives elsewhere.

2
Paco Underhill
Paco Underhill
3 years ago

Both major merchants and brands are facing major breaches of consumer trust. It is a poison that is fueling shifts in consumer shopping patterns. As the analog results of digital flaws become more real – what will consumer response be? It is not just a Macy’s issue.

3
Mel Kleiman
Mel Kleiman
Member
3 years ago

Just another hack. They have become so common that most people just seem to ignore them and think it is a part of having to live with the internet. It does not seem to cause any real damage to the retailer who is hacked.

1
Cathy Hotka
Cathy Hotka
Active Member
3 years ago

This won’t affect Macy’s holiday sales, but it may affect Macy’s performance on Wall Street. Let’s hope this is the last such story we hear during the season.

3
Patricia Vekich Waldron
Patricia Vekich Waldron
Active Member
3 years ago

I’m afraid that Santa was planning a lump of coal for Macy’s before the data breach …

4
James Tenser
James Tenser
Member
3 years ago

Another day, another data hack. Seems like the only people getting upset are Wall Street investors (and I suspect some of them are using this incident as an opportunity to create volatility). For the rest of us, any real presumption of data privacy has been out the window for years. Macy’s is handling this matter appropriately under the circumstances. It needs to keep its eye on the prize this holiday season, and not use this data breach as an excuse for lackluster performance.

1
Doug Garnett
Doug Garnett
Member
3 years ago

Consumers are becoming immune to these announcements because they’ve been coming so constantly and from such big players. Certainly “consumer groups” will raise a fuss.

It isn’t likely to affect Macy’s holiday sales performance. But we should expect it to be one of the reasons Macy’s gives for missing their holiday numbers.

As to other steps? The security business should stop trying to sell the myth that it’s possible to eliminate all breaches and accept they are inevitable. That would mean a shift to minimizing exposure of data when there IS a breach.

1
David Naumann
David Naumann
Member
3 years ago

Macy’s most recent data breach may cause some customers to avoid shopping on their website. However, many consumers may be becoming a little numb to these announcements, as they seem to be happening across all industries – even beyond retail (e.g., Facebook, healthcare, etc.).

1
Ricardo Belmar
Ricardo Belmar
Active Member
3 years ago

It certainly won’t help matters, but Macy’s has a lot of irons in the fire so to speak to try and create a happy holiday sales story. I suspect this will be a blip and most customers won’t slow down their shopping as a result. Macy’s still has a job to do to get those customers in their stores and on their website and mobile app. The real question is, has Macy’s done enough to attract those customers in the first place? I think they have a number of positives happening but the final details are always in the execution at scale and this is historically where Macy’s suffers. Data breaches may impact those consumers that were on the fence about shopping and buying at Macy’s but I expect this won’t push too many away.

1
Ryan Mathews
Ryan Mathews
Active Member
3 years ago

I’m sure it will, although — given Macy’s other problems — I’m not sure how the impact could, or should, be calculated. I’m not sure how Macy’s addresses customer concerns unless they, in fact, take radical and sustainable steps to securing its database.

1
Ken Lonyai
Ken Lonyai
Member
3 years ago

It’s very unfortunate that so many here are acquiescent about yet another data hack. Sure those unaffected by stolen data will lose sight of it in the information overload, but those whose data is abused can face years of serious heartache and in some cases life altering issues.

Companies are able to get away with service level agreements stating things like “industry standard data protection.” When the industry standard is to have poor safeguards, PR spin, and a year of credit monitoring service, the industry is weak and unfortunately may need government regulation.

1
Shep Hyken
Shep Hyken
Active Member
3 years ago

It doesn’t help, but at the same time, hacks are (unfortunately) more and more common. There are bad people out there who will also be able to hack the system, regardless of all the effort to safeguard the data. How to combat a customer’s fear? There are insurance policies companies take out to give their customers peace of mind.

It’s important for retailers to let customers know in advance what they are doing to prevent breaches, and if they happen, how they react and handle the situation. A major company once shared with me how many times cyber-criminals try to hack into their system. It wasn’t every once in a while. It was hundreds of times each day, and that’s a conservative number. Every company, not just Macy’s, needs to help their customers understand the lengths they go to to protect their customers’ data.

1
Craig Sundstrom
Craig Sundstrom
Active Member
3 years ago

No and no. That probably few of us even remember there was a “prior incident” is telling as to how frequent these have become and as a result how immune we’ve become to paying attention to them; something that is both good and bad for the impacted retailers, and society at large.

0
Jeffrey McNulty
Jeffrey McNulty
3 years ago

This is unacceptable to happen a second time in two years. Lately, every year we are exposed to information about the profusion of retail breaches that are inundating the retail sector with the same inevitable outcome: sensitive customer information was extracted from a retailer’s website, servers, or mainframe. Consumers’ trust is waning in the face of the frequent security breaches that are becoming pervasive.

Retailers need to go on the offensive (institute a proactive not reactive strategy) and start implementing preventive measures BEFORE a breach occurs. This type of behavior can and will damage a retailer’s brand, reputation, and future.

I concur with Neil Saunders’ assessment of Macy’s not having a strong holiday season anyway.

1