The company has confirmed that back in October, hackers had managed to insert code into two pages on its website which allowed them to steal customer information that was entered into the page. This included a bunch of personal information such as names, addresses, and payment info.
Macy’s claims that this attack went on for a week before it was discovered and eventually shut down, but it is unclear as to how many people could have been affected during that week alone. The company claims that only a “small number” of customers were affected, but they have since implemented additional security measures and are also offering customers free credit monitoring to make sure that their credit card details are not being used for unauthorized purchases.
In a statement released by the company, “We quickly contacted federal law enforcement and brought in a leading class forensics firm to assist in our investigation. We have reported the relevant payment card numbers to the card brands. In addition, we have taken steps that we believe are designed to prevent this type of unauthorized code from being added to macys.com.”