Will a hack ruin Macy’s Christmas?
It’s becoming an annual event at Macy’s, and not the good kind like Thanksgiving Day parades or Fourth of July fireworks. For the second year in a row, the department store retailer has informed customers that its system has been breached, exposing their personal and financial information to hackers. The news comes at arguably the worst time possible for the chain as it heads into the Christmas selling season.
Macy’s, which said the breach lasted between Oct. 7 and 15, did not provide the number of accounts affected. The retailer said that hackers gained access by attaching malicious code on the “Checkout” and “My Wallet” pages on macys.com. The data thieves captured the customers’ first and last names, home addresses, emails, payment card numbers, security codes and expiration dates.
The retailer has said that its website has been cleaned of the malicious code and that it has notified law enforcement and hired a forensics team to assist in the breach investigation.
Macy’s, which has mailed out notices to customers, is offering a free year of Experian credit monitoring to those who were affected.
The department store retailer suffered a data breach last year that lasted between April 26 and June 12. During that time, hackers gained access to customers’ usernames and passwords through macys.com and bloomingdales.com. At the time, Macy’s said it had “implemented additional security measures” to protect sensitive customer information from data thieves.
Macy’s share price fell 11 percent yesterday in response to the data breach news and concerns over how it could affect the retailer’s traffic and sales numbers during the holidays.
- Macy’s Customer Payment Info Stolen in Magecart Data Breach – Bleeping Computer
- Macy’s Slumps as Website Hack Adds to Department-Store Malaise – Bloomberg/Yahoo Finance
- Macy’s breach exposed customer data, credit card numbers – CNET
DISCUSSION QUESTIONS: Will news of the Macy’s data breach negatively affect its holiday sales performance? Does Macy’s need to take steps other than those already taken to deal with the public reaction and underlying weaknesses in its systems?