Macy’s Suffers Data Breach


Macy’s has reported that the company suffered a data breach in October. In a letter to affected customers, the company explains that a third party added unauthorized code, compromising personal information of online shoppers. The letter states:

On October 15, we were alerted to a suspicious connection between and another website. Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, an unauthorized third party added unauthorized computer code to two pages on The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two pages – the checkout page (if credit card data was entered and the “place order” button was hit) and the wallet page accessed through My Account. Our teams successfully removed the unauthorized code on October 15, 2019. 

Information potentially accessed include: first and last name, address (city, state, zip) phone number, e-mail address, payment card number, payment card security code, payment card month/year of expiration, if the values for these items were typed into the pages while either on check out page or in the My Account wallet page.

Customers checking out or interacting with My Account wallet page on mobile or on mobile app were not affected. Affected customers received 12 months of Experian IdentityWorks.

In regards to online holiday shopping, the Federal Trade Commission reminds shoppers of these three tips: only shop on secure websites with an “https” address, stick to shopping apps that tell you what they do with your data and how they keep it secure and avoid holiday offers that ask you to give financial information – no matter how tempting. They might be trying to steal your identity.

If you are a victim of a data breach, visit to report identity theft and get a personal recovery plan.

Please Join Our FREE Newsletter!