Macy’s Inc. is the latest major company to fall victim to a data breach, as a letter emailed by the company to customers confirmed that a third party accessed online customer accounts between April and June.
The third party, not identified by the company, was able to access consumer information including names, phone numbers, addresses and credit and debit card numbers, Macy’s said. Macy’s does not keep Social Security numbers or CVV numbers saved on customers profiles, the company said, meaning that information was not able to be accessed.
Valid customer login credentials were used in the breach, but it is believed the hackers obtained the user names and passwords from a source that is not Macy’s, the company said in the letter. Macy’s did not say how many profiles were accessed.
According to the letter, Macy’s first noticed suspicious login activity from several customer profiles on June 11 and, following an investigation, blocked all online profiles displaying suspicious activity the following day. It is believed the breach began on April 26.
The company said it reported all affected credit and debit cards to the appropriate companies and has strengthened its security protocols for customer logins.
The Cincinnati-based company operates 690 Macy’s and Bloomingdale’s department stores, with 23 locations in Georgia. Macy’s joins a list of other major corporations which have seen consumer data accessed by unauthorized third parties.
Two Atlanta-based companies, Home Depot and Equifax, have both been breached in recent years. In 2014, a breach of Home Depot’s payment systems exposed the credit card information of 56 million customers throughout North America.
Last year, credit reporting agency Equifax reported it had been hacked. The breach compromised the personal data, including Social Security numbers and credit card information, of 143 million Americans.
In other business news: