NEW YORK, United States — Macy’s Inc. said hackers obtained names and passwords of online customers and potentially were able to access data including their credit card numbers and expiration dates.
The data breach impacted one-half of one-percent of customers who were registered on Macys.com or Bloomingdales.com, spokeswoman Blair Rosenberg said Tuesday. Customer login and password data were taken from websites not related to Macy’s or Bloomingdale’s and were then used to access profiles on those sites, the company said.
“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures,” Macy’s said in an emailed statement.
The disclosure marks the latest in a series of data breaches at major companies across a broad swath of industries, including retailers Hudson’s Bay Co. and Under Armour Inc., aerospace giant Boeing Co., airlines like Delta Air Lines Inc. and natural gas pipelines and electric utilities. Adidas AG said last month that millions of customers on its U.S. website could have been affected by a breach.
While other personal data, including birthdates, may have been accessed, social security numbers were not, Macy’s said. The data breach occurred between April 26 and June 10, the company said. It detected suspicious activity on June 11, and the company blocked the profiles in question on June 12.
Macy’s contacted customers that may have been impacted by the breach and said it was offering consumer protection services to them at no cost.
By Lisa Wolfson; Editor: Anne Riley Moffat.