🛍 Macy's Cyber Fraud Alert! 🛍

Mz iMac · ‎07-26-2014

Macy's is warning customers that the retailer discovered a cyber threat that targeted a small number of customer profiles for almost two months.

According to a letter mailed to macys.com and bloomingdales.com customers this week, Macy's cyber threat alert tools detected suspicious login activities on June 11.

This "suspicious activity" was being done by a third party, who the retailer said obtained the information from a source other than Macy's. From April 26 to June 12, the third party was using valid usernames and passwords to gain access to the customers' accounts.

On June 12, Macy's blocked the profiles that seemed to be breached by the third party.

Macys.com and bloomingdales.com customers should've received an email notifying that their profile was blocked. Those customer accounts will remain blocked until the customer changes the password associated with the profile, according to the letter.

If you didn't receive an email, Macy's said to check your junk folder for an email with the subject line "Important information about your Macy's online profile." If you can't find the email, Macy's said that your profile still may be blocked and to change the password anyway.

After logging in, the unauthorized party was able to access the customer's full name, address, phone number, email address, birthday and debit or credit card number with expiration dates.

Macy's said the macys.com and bloomingdales.com accounts do not include CVV numbers that appear on the backs of credit cards or Social Security numbers.

In the letter, the company said customers should "remain vigilant" for fraud and identity theft.

They also suggested that customers contact their debit or credit card companies to tell them about the data breach.

Macy's also said it strongly encourages customers to change the password for any online account for which you used the same username and password as your macys.com account. Because the third party got the information from a source other than Macy's, that information still could be available.

The retailer also said it arranged to have AllClear ID provide a year of free identity protection to affected customers.

Copy/paste link--> usatoday.com/story/money/business/2018/07/11/what-do-if-your-macys-account-breached/774414002/

~~Remind me again, why I don't shop online....~~

"Never argue with a fool. Onlookers may not be able to tell the difference."

phoenixbrd · ‎03-27-2010

I'm wondering....did they only have access to Macy cards or other credit cards used when making a Macy purchase? Should anyone using any credit card for a Macy purchase be concerned? If these transactions were blocked by Macy's on June 12, I wonder why this information is being released on July 11.

@Mz iMac Thanks for the heads up.

Jordan2 · ‎03-16-2010

I don't shop at Bloomingdales, but I did place two online orders during the time of the breach (4/26-6/12) at Macy's.I knew I didn't have a balance on my credit card presently, I called to check out my balance on my card and I don't have one. It's getting to the point where your afraid to charge anything, I guess cash is the way to go.

Mz iMac · ‎07-26-2014

@phoenixbrd wrote:
I'm wondering....did they only have access to Macy cards or other credit cards used when making a Macy purchase? Should anyone using any credit card for a Macy purchase be concerned?
All credit & debit cards.
"customers contact their debit or credit card companies to tell them about the data breach."

If these transactions were blocked by Macy's on June 12, I wonder why this information is being released on July 11.
Macy & their security team have to investigate to determine how widespread the damage & to alert the proper authorities. That takes times. In this case a matter of weeks instead of months & years to notify their customers.

"Never argue with a fool. Onlookers may not be able to tell the difference."

CatsyCline · ‎07-24-2013

it sounds like the breach grabbed the card info associated with the profiles. if you purchase as a "guest" are payment methods are stored?

their online profiles require more personal info than I'd be comfortable with.

sunshine45 · ‎03-09-2010

thanks!

i rarely shop at macys and i do shop at bloomingdales, but never received any email regarding this breach.

********************************************
"The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing." - Albert Einstein

millieshops · ‎03-09-2010

@Jordan2I haven't gone as far as using all cash, but I am much more careful about using credit. I have no individual store cards any longer - I don't buy all that much that what I might save would be significant and I might even save a bit here and there because I'm not bombarded with as many sale flyers and emails.

I also don't keep a profile with many retailers at all, I don't enter contests that require personal info, I don't respond to surveys from stores where I shop if I have to sign in with any personal info, etc.

I know I'm still not wholly protected - the thieves are always with us - but I do what I can and hope for the best!