Macy’s department store discovered a data breach after a malicious code infiltrated its online payment portal.
Macy’s has recently admitted becoming a victim of a data breach, which allegedly happened due to a malicious code that infected its payment portal. The company warned its customers of the incident, admitting that it occurred on October 15th.
After a brief investigation, the company’s team located a card-skimming code within two pages on the store’s website.
Macy’s suffers online Magecart card-skimming attack, data breach https://t.co/i6cxmYZzVI
— ZDNet (@ZDNet) November 20, 2019
Macy’s letter to customers states that the code has likely been there since October 7th. Meanwhile, the two impacted pages included a wallet page and the checkout page. The store admitted that the code was designed to record the data submitted by the store’s consumers.
Despite the fact that the store managed to remove the code as soon as it became aware of it, it is likely that some of the customers were affected by it. Specifically, those who have used Macy’s website between October 7th and October 15th likely had their information stolen.
The stolen data includes the customers’ names, addresses, emails, ZIP codes, but also card numbers, security codes, and likely even expiration dates. The number of affected customers is unknown at this time, although Macy’s spokesperson claims that the number is not very high. The store will offer consumer protection services to affected individuals for free.
Investigation Still On-Going
Following the discovery of the breach, Macy’s contacted federal law enforcement, in addition to hiring a forensics team. The store also reported the stolen card numbers to the brands, and it increased its security measures to prevent the incident from happening again.
The incident itself is called Magecart attack, during which card-skimming malware infects legitimate domains of online stores. Typically, these attacks occur when there is a flaw in the website itself or the CMS that the website uses.
After the code infects the payments page, all that attackers need to do is wait and let the malware harvest information. The stolen data then travels to the C2 server, where the attackers create clone cards and use them to commit fraud.
While it is possible to track the information to the C2 server and shut it down, bad actors tend to re-purchase them after the investigation concludes, and the domains are released back into the market.
Did you use Macy’s online store recently? What do you think about the store’s recent incident? Let us know in the comments below.
Images are courtesy of Shutterstock, Pixabay, Twitter.