Popular department store company Macy’s recently suffered from a security breach last October, said TechCrunch. This resulted in the endangerment of customers’ credit card information. Reportedly, these sensitive data are now in the hand of hackers.
According to reports, the incident lasted for a week, from October 7 to 15. The leak happened due to the actions of a hacker or hackers which exploited a security flaw in the company’s website. The flaw enabled criminals to enter software into the system, which then sends customers’ credit card info to the malicious party.
The information included in the breach includes name, address, phone number, credit card number, verification code, and expiration dates. These are all essential in making purchases. Because of this, the malicious party can take advantage of this info.
When asked about the scope of the hack, the company said that it could affect thousands of consumers. Customers who are likely affected are those who purchased products using the site during the week of the incident.
A class-action lawsuit in the making?
This is not the first time that Macy’s endangered the sensitive financial information of its customers. Back in 2018, the department store chain was also the subject of a data breach that lasted for months. During this attack, hackers were able to steal the credit data of 0.5% of Macy’s customers.
After the company admitted the occurrence of the incident, a group of affected customers gathered to file a class-action lawsuit. The lawsuit accused Macy’s of being negligent, inattentive and apathetic when it comes to its cybersecurity measures.
In light of the recent blunder, the possibility of such a lawsuit once again emerges.
Macy’s stocks fall
Upon the disclosure of the recent hack, Macy’s suffered an approximately 10% drop in the value of its stocks. This is partly because the attack was revealed right around the holiday shopping season. According to data, its stocks have fallen from 54.4% in the past year.
While the department store chain has suffered twice in the last two years, there have been other websites who suffered from the same kind of exploit. According to TechCrunch, the identity of the Macy’s attackers remain unknown. However, a group of hackers, Magecart, are known to be responsible for a series of recent attacks using the same method.
Meanwhile, the company said that it has been coordinating with the federal government to identify the attacker.