Magecart Hits Macys: Retailer Discloses Data Breach

  /     /     /  
Publicated : 23/11/2024   Category : security


Magecart Hits Macys: Retailer Discloses Data Breach


The retail giant discovered malicious code designed to capture customer data planted on its payment page.



Macys has confirmed a data breach following the discovery of Magecart malware on its checkout page and wallet page, which is accessed through My Account, the retailer reports.
In a
letter
to customers, the retailer says it was alerted to a suspicious connection between Macys and another website on October 15. An investigation determined malicious code was added to two macys.com web pages on October 7. The code was highly specific and only allowed a third party to capture data submitted by customers on the wallet page and checkout page if credit card data was entered and place order was clicked. Its teams removed the code on October 15.
During the week that the malicious code was live, Macys reports cybercriminals may have potentially accessed customer data including first name, last name, address, city, state, ZIP code, phone number, email address, and their payment cards full number, security code, and month and year of expiration if this data was typed into either of the affected web pages.
Customers who checked out, or interacted with, the My Account wallet page on a mobile device or the macys.com mobile app were not affected in the incident, the company reports.
Macys has reported the breach to federal law enforcement and hired a forensics firm to assist in the investigation. It has also shared affected payment card numbers with brands Visa, Mastercard, American Express, and Discover. The number of victims has not been confirmed.
Magecart is a constantly growing threat to retail websites. Recent data
indicates
the card-skimming threat has reportedly compromised more than 2 million victim websites and directly breached more than 18,000 hosts. Its many victims include, most recently, Procter & Gambles
First Aid Beauty
, as well as other major companies
Ticketmaster
and
British Airways
.
Read more details
here
.
Check out 
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
How Medical Device Vendors Hold Healthcare Security for Ransom
.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Magecart Hits Macys: Retailer Discloses Data Breach