Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Macy’s confirms hackers stole customer data from its website

Add as a preferred source on Google

Macy’s says it’s been hit by a “highly sophisticated and targeted data security incident” that affected “a small number” of its customers.

The data breach, which stole information from customers as they shopped on Macy’s online shopping site, took place between October 7 and 15, 2019. Those affected have been notified and will be updated on developments, Macy’s told Digital Trends by email.

Recommended Videos

Macy’s said the cybercriminals “potentially accessed” customer information that includes first name, last name, home address, phone number, email address, and payment card number including the card’s security code and expiration date.

It added that the information will likely have been taken in cases where the customer entered the data in the macys.com checkout page or in the My Account wallet page. Customers checking out or interacting with the My Account wallet page on a mobile device or on the macys.com mobile application are in the clear, the company said.

The hackers are thought to have launched the attack by entering malicious code into its website that allowed it to capture customer information.

“Our security teams quickly engaged a leading forensic firm to remove the threat,” the retail giant told Digital Trends. Federal law enforcement is also investigating the incident.

The company is contacting customers with information on how to enroll in consumer protection services, which will be offered to those affected at no cost.

Its shoppers are also being warned to keep an eye on their account statements for any suspicious activity, which, if spotted, should be reported immediately to the card issuer.

Magecart malware

The Macy’s attack has been linked to Magecart, a type of malware injected into online shopping sites in an effort to grab customer data. The software has been used by hackers for nearly a decade, with U.S.-based cybersecurity firm RiskIQ suggesting Magecart has compromised more than 17,000 domains, some of which appear in the top 2,000 websites ranked by Alexa.

Recent Magecart victims have included British Airways, which suffered a major breach affecting around 380,000 customers in 2018 and for which the airline was subsequently fined about $230 million, and online electronics retailer Newegg, which was also hit in 2018. More recently, the Baseball Hall of Fame’s website fell victim to Magecart.

The stolen data may end up being traded on illicit hacking forums, with buyers hoping to use it for online shopping sprees or perhaps to withdraw money from accounts.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
ChatGPT Live could make talking to AI feel straight out of the movies
We might finally get the AI sidekick sci-fi movies promised
Elderly women using ChatGPT live on a smartphone

AI voice assistants have been chasing the sci-fi dream for years, but they still have a hard time holding a conversation with humans. Most voice systems still need clear turns, clean pauses, and a few seconds before they respond. OpenAI is now rolling out GPT-Live, a new voice model for ChatGPT Voice that is designed to make those exchanges feel faster and less scripted.

The main upgrade is what OpenAI calls a full-duplex architecture. In simpler terms, GPT-Live can listen and speak at the same time. It continuously processes what the user is saying while also generating its own response, allowing it to decide when to talk, when to pause, when to keep listening, and when to use a tool.

Read more
A broken Galaxy Fold 5 just became the Pixel desktop future I want Google to steal
A broken Galaxy Fold 5 became a tiny PC because Samsung already built the desktop mode Google keeps treating like a side quest.
Desktop mode within Android 16.

A broken Galaxy Fold 5 should be a sad little monument to modern gadget math. One busted outer display, one repair bill nobody wants to inspect too closely, and suddenly a powerful foldable starts heading toward a drawer. Instead, a Redditor turned one into a glowing acrylic DeX box with spare parts, fans, a USB hub, and the kind of LED lighting that makes every homebrew computer look mildly illegal.

https://www.reddit.com/r/SamsungDex/comments/1upica7/fold_5_dexbox/

Read more
You’ll finally be able to try OpenAI’s GPT-5.6 Sol, Terra, and Luna models this week
The GPT-5.6 family will become publicly available on July 9, ending the restricted preview that lasted nearly two weeks.
OpenAI Sol Terra Luna featured

OpenAI is ready to expand access to its latest GPT-5.6 model family. In a recent post on X, the company confirmed that GPT-5.6 Sol, Terra, and Luna will become publicly available on Thursday, July 9. If you've been itching to try the new models since the limited preview began in late June, you won't have to wait much longer.

Why the rollout took longer than expected

Read more