Macy’s is the Latest Retailer Rocked by a Breach

We’re guessing some of you are reaching data breach fatigue, but that doesn’t mean you should stop paying attention. Mega department store Macy’s announced yesterday that some online customers of Macy’s and Bloomingdale’s were victims of data theft.

The company emailed a letter to affected customers, which confirmed that an unauthorized third party accessed online customer accounts between April 26 and June 12 this year.

The third party was able to obtain usernames and passwords – which Macy’s says was from an outside source – and then log into Macy’s and Bloomingdale’s (owned by Macy’s Inc.) shoppers’ online profiles to access customer information, including names, addresses, phone numbers, email addresses, birthdays, and credit and debit card numbers with expiration dates. At this point, it not known how many online profiles were accessed, but Macy’s did report the exposed card numbers to Visa, Mastercard, American Express, and Discover.

In a statement, the retailer hinted that the numbers are fortunately not wide-reaching: "We are aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com." The company went on, "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy's, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services." Additionally, Macy’s reported that profiles with suspicious login activity were blocked until the customers changed their passwords.

Macy’s isn’t the only company to make headlines this year because of leaked data – just last month, Adidas revealed that it had suffered a cyberattack, potentially exposing millions of customers’ personal information, and MyFitnessPal also reported a hack in February, noting that 150 million users’ data was compromised. And among the retailer ranks, Macy’s joins Lord & Taylor, Saks Fifth Avenue, Sears, and Best Buy, who were also rocked by a breach in 2018.

Proactive Measures & Frequent Monitoring are Key

While the ubiquity of breaches has led some consumers to the state of apathy, it’s more important than ever to be vigilant. If your customers or employees weren’t a part of the latest Macy’s breach, we know that the future holds many breaches yet to come, so the time to act is now. Share the following data breach safety measures with your customers and employees to help reduce their risk:

• Make monitoring activity on your financial and credit card accounts part of your routine.
• Set up two-factor authentication where available for extra security.
• Rethink the information you’re sharing online (specifically social media). With so much information leaked in breaches, hackers are able to piece together compromised information with the information you publicly share to create a holistic picture of your identity.
• Always use strong and unique passwords, and don’t reuse passwords across multiple platforms (this allows hackers to access multiple accounts when just one is breached).
• Be on the lookout for any phishing emails. In the aftermath of any data breach, it’s common for those affected to receive an influx of phishing emails supposedly from the organization breached or other trusted service providers. Phishing emails are a common way fraudsters can get even more personal data from you.
• Sign up for an identity protection service that includes credit and identity monitoring if you haven’t already. Just be aware that not all monitoring services will protect you equally, so make sure you find a service with powerful monitoring capabilities and 24/7 full-service resolution assistance, should you ever find yourself the victim of fraud.

Comprehensive monitoring services should include internet surveillance, compromised credential monitoring, and credit monitoring. Most importantly, it should include alerts so that if a customer’s information is detected on the deep and dark web, they can work with resolution experts to take corrective action and minimize any damage. Some recommended information to monitor includes:

• Social Security number
• Email addresses
• Date of birth
• Debit/credit cards
• Bank account numbers
• Insurance card/policy number
• Drivers’ license number
• Loyalty card numbers
• Affinity card numbers
• Passport number

In this age of continued breaches, identity protection is timelier than ever and it’s something that your customers and employees are seeking. To learn more about providing them with Generali Global Assistance identity and digital protection, request a demo today.