It hasn’t been a while since we heard of a MageCart attack, however now, Macy’s has disclosed a similar attack. As confirmed recently via their letter to customers, Macys has suffered a MageCart attack.
Macys Suffered MageCart Attack
The popular online fashion store Macys has recently confirmed a MageCart attack. The information surfaced online through the company’s letter to the customers.
As revealed in the letter, the company noticed a suspicious connection between their main website macys.com and another site. Investigating the matter revealed that their site was running malicious code. This code specifically targeted two pages of Macy’s site in an attempt to access the financial data of the customers. As stated in their letter,
The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two (2) macys.com pages: (1) the checkout page – if credit card data was entered and “place order” button was hit; and (2) the wallet page – accessed through My Account.
According to Macy’s, the attack lasted for about a week, from October 7, 2019, to October 15, 2019. Consequently, the information the attackers accessed in this duration included first and last names of the customers, email addresses, phone numbers, their complete address including city, state and zip code, and their financial data including payment card numbers, date of expiry (if present), and card security code.
Fortunately for some, the attack did not affect mobile phone users of the macys.com.
Macy’s Contained The Attack
Following the incident, the firm quickly began investigating the matter whilst involving law enforcement agencies and forensics.
Furthermore, they have also informed the relevant payment card brands about the affect card numbers.
Besides, Macy’s also urged the users to vigilantly monitor their bank accounts for any fraudulent transactions or identity theft.
This isn’t the first time that Macy’s has suffered a cyber attack. In 2018, their websites macys.com and bloomingdales.com also suffered security breaches when the hackers pilfered customers’ data including credit card details.