Macy’s started notifying some of its customers that it discovered a software skimmer on its web site, which was used by criminals to steal customer data.
The malicious software was discovered on October 15, 2019, and Macy’s believes the software skimmer was injected on October 7. The attackers injected it into the checkout page and the My Account wallet page of the macys.com website.
Information potentially accessed by the cybercriminals include: First Name, Last Name, Address, City, State, Zip, Phone Number, Email Address, Payment Card Number, Payment Card Security Code, Payment Card Expiration date if these items were typed into the webpage while on either the macys.com checkout page or in the My Account wallet page.
Read more about it here.
Cyber Victor – a leading blog on cyber security
cyber security news
