CHICAGO — Department store chain Macy’s alerted customers that their personal and payment information may have been hacked on the retailer’s website during a one-week period in October.
Macy’s said it reported the incident to federal law enforcement after it found a suspicious third party who added an unauthorized computer code on the retailer’s website on Oct. 7. In a letter sent to affected customers dated Nov. 14, Macy’s said hackers potentially had access to customer’s names, address, phone numbers and payment card information. According to the letter, Macy’s removed the code on Oct. 15.
An investigation by Macy’s found that the hacker’s code was able to capture information on the retailer’s checkout page and its wallet page, which contain’s customers’ payment information. The company said it reported the data breach to relevant bank issuers, including Visa, Mastercard, American Express and Discover.
It was not immediately clear how many customers were affected, but a spokesperson for Macy’s said in an email statement the incident only involved a small portion of their clients.
Macy’s will provide customers affected by the data breach consumer protection services at no costs.
