Data security is a mounting issue for retailers, with Macys.com and Bloomingdales.com the latest to be attacked.
“We are aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com. Only one-half of 1 percent of our logged-in customers were impacted,” said Macy’s vice president of corporate communications Blair Rosenberg. “We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.”
Only customers shopping macys.com and bloomingdales.com were affected. Macy’s Inc.’s brick-and-mortar was not hit.
The breach was discovered around June 12 and apparently lasted about two months.
Macy’s did not specify how many shoppers were affected or how it uncovered the breach, though the company does have security measures and ways to monitor shopping. There were published reports that suspicious log-ins were detected and that a third party was behind the illegal activity.
According to the Detroit Free Press, illegal access to names, e-mail addresses, phone numbers, birthdays and payment card information was obtained, but accounts don’t include social security numbers or CVV numbers.
Over the last few years, there have been serious data breaches at major retail corporations.
In April, Hudson’s Bay Co. said some of its Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America were hit with a security issue involving customer payment card data and quickly offered those impacted free identity protection services, including credit and web monitoring. HBC said there was no indication that the firm’s e-commerce operations or Hudson’s Bay, Home Outfitters, or HBC Europe were impacted.
Breaches have become an intense national debate about how companies use and protect consumer data in the wake of revelations that Facebook used data to target voters in the last presidential campaign.
Macy’s Inc. and Hudson’s Bay aren’t the only retail and fashion firms to suffer data breaches. In recent years, Target Corp., The TJX Cos. Inc., Under Armour and Neiman Marcus have also been targeted.