US-based department store chain Macy’s has reported a data breach compromising credit card data of customers on its e-commerce website.
The incident happened between 26 April and 12 June, and involves its online store macys.com and subsidiary bloomingdales.com.
With this incident, Macy’s joins various major retailers such as Sears, Kmart, Whole Foods, and Under Armour that were impacted by a data breach in the last year.
According to an investigation by the retailer, the hacker may have accessed customers’ data such as payment card numbers, expiration dates, user credentials, first and last names, addresses, phone numbers, email addresses and birthdays.
The company also noted that the data breach did not occur on Macy’s systems as the hacker may have gained access from another company or through sources of the dark web.
Macy’s Information Security team identified the breach on 12 June and blocked the hacker from accessing relevant customer profiles and purged all the payment card data.
A statement by the company was quoted by Business Insider as saying: “We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures.
“Macy’s will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.
The company also notified 753 residents in the region through email regarding the incident and is offering them a chance to enrol for free consumer protection services such as the AllClear Identity Theft Monitoring and AllClear Identity Repair Services.