Macy’s, the iconic US retailer, and its sister department store Bloomingdales have suffered a data breach. While only a relatively small number of the store’s online customers are affected, the attackers have had access to their account passwords and user names for nearly two months.
The breached data includes names, home and email addresses, phone numbers, birthdays, debit and credit card numbers. Fortunately, the intruders have not been able to access the three-digit Card Verification Value (CVV) security numbers.
Macy’s has blocked the affected accounts, notified all affected customers and offered them free identity protection for a year. It has also advised them to alert their banks and payment card providers and to change their passwords – in particular any customers who use the same password elsewhere, as the log-in data was stolen from a source outside Macy’s.