Macy’s Became The Latest Victim Of MageCart Attack

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

It hasn’t been a while since we heard of a MageCart attack, however now, Macy’s has disclosed a similar attack. As confirmed recently via their letter to customers, Macys has suffered a MageCart attack.

Macys Suffered MageCart Attack

The popular online fashion store Macys has recently confirmed a MageCart attack. The information surfaced online through the company’s letter to the customers.

As revealed in the letter, the company noticed a suspicious connection between their main website macys.com and another site. Investigating the matter revealed that their site was running malicious code. This code specifically targeted two pages of Macy’s site in an attempt to access the financial data of the customers. As stated in their letter,

The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two (2) macys.com pages: (1) the checkout page – if credit card data was entered and “place order” button was hit; and (2) the wallet page – accessed through My Account.

According to Macy’s, the attack lasted for about a week, from October 7, 2019, to October 15, 2019. Consequently, the information the attackers accessed in this duration included first and last names of the customers, email addresses, phone numbers, their complete address including city, state and zip code, and their financial data including payment card numbers, date of expiry (if present), and card security code.

Fortunately for some, the attack did not affect mobile phone users of the macys.com.

Macy’s Contained The Attack

Following the incident, the firm quickly began investigating the matter whilst involving law enforcement agencies and forensics.

Furthermore, they have also informed the relevant payment card brands about the affect card numbers.

Besides, Macy’s also urged the users to vigilantly monitor their bank accounts for any fraudulent transactions or identity theft.

This isn’t the first time that Macy’s has suffered a cyber attack. In 2018, their websites macys.com and bloomingdales.com also suffered security breaches when the hackers pilfered customers’ data including credit card details.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!