Department store chain Macy’s revealed that its system has been hacked for the second time in two years. The breach occurred from October 7 to 15, exposing customers’ credit card information for a week, reported TechCrunch.
The cybercriminals exploited a vulnerability found on the department store chain’s website. According to the report, the hackers inserted a malicious line of code into its website. This code secretly rerouted credit card info of online buyers and sent it back to the attackers.
The attack compromised sensitive information of customers such as their full names, addresses and contact numbers. Moreover, the hackers were able to obtain credit info including card verification codes, numbers, and expiration dates. Macy’s estimate that around a thousand customers may be affected by this breach.
This latest attack is the second time the department store company suffered from a breach. In 2018, Macy’s revealed that it suffered from a “months-long breach,” which compromised credit card credentials and passwords. Around 0.5% of its clients were affected.
The 2018 attack occurred on its main website and Bloomingdale’s, which is owned by the company. A class-action suit was pushed, blaming the department store for implementing indifferent, irresponsible and lax security protocols.
One of many
The Macy’s hack is just part of a string of attacks on various websites. In separate instances, several websites have also been exploited by installing credit card skimming programs into their codes.
While there is little to no information as to who the Macy’s hackers are, the group called Magecart is the culprit for the biggest skimming campaigns in the past years. It even attacked various known parties such as AeroGarden, the American Cancer Society, British Airways, Newegg and Ticketmaster.
Meanwhile, Macy’s remain to be one of the most popular sites in the United States based on Alexa rankings.