The holidays are here, and everyone is turning their eyes toward online shopping to snap up the best deals. We’ve already seen some awesome doorbusters from online and physical retailers alike — and even Amazon is jumping into the mix with some deals of their own. Click or tap to see Amazon’s Black Friday offers.
But where we see savings, others see opportunity. Hackers regularly target retail outlets with large scale attacks that steal data and credit card information.
Now, just in time for the season, one of the nation’s biggest department stores has revealed they were victims of a massive hack and data breach. If you shopped at this department store in the past few months, you might want to pay attention.
Department store falls victim to Magecart attack
According to new reports from BleepingComputer, famed department store Macy’s announced its website suffered a severe cyberattack.
The hackers embedded malicious code into the checkout and “My Wallet” pages on macys.com that scanned and tracked any information customers typed in — a tactic known as a MageCart attack. Click or tap here for another example of a hostile MageCart-style attack.
Macy’s sent affected customers a notice regarding the breach that outlined the severity of the incident. Macy’s claimed only a small number of customers were affected by the attack, which occurred on October 7, 2019.
The company was alerted a after the attack, and it’s already reached out to affected customers to offer consumer protection services like credit monitoring at no cost.
The stolen data included personal and payment information like the customer’s first and last names, addresses, cities, states, zip codes, phone numbers, email addresses, payment card numbers, payment card security codes and payment card expiration dates. If any of your data was typed into a compromised page, hackers already have it.
I shop there! How can I protect myself?
If you were one of the affected customers who made purchases on October 7, you should have already received the notice from Macy’s. If you didn’t shop that day, but still want to make 100% sure you’re safe, there’re a few things you can do.
Temporarily freeze your credit to stop any potential fraudulent activity. This will also give credit reporting bureaus something to look out for. Click or tap here to learn more about freezing your credit.
Additionally, it might be in your best interest to consider more secure forms of payment, like PayPal, when checking out online. Choose a method that’s either encrypted or doesn’t include any personal data.
Many of these services save you from having to type in personal information, which can protect you from future MageCart-style attacks. Click or tap here to learn about some of the safest ways to pay and shop online.
If you’ve noticed any unusual activity on your bank statements, don’t wait until your account is emptied. Speak with your banking institution immediately.