Macy’s Stock Sinks After Reports of Data Breach

Published on: 19 Nov, 2019

Macy’s (NYSE: M) shares sank by 11% on Tuesday after the Company sent out a letter addressing a data breach that occurred in mid-October.

"On behalf of Macy's, we are writing to inform you about a recent incident involving unauthorized access to personal information about you on macys.com," the Company wrote in the notice to customers. "We regret that this incident occurred and appreciate your time to read this letter."

Macy’s said it was alerted on October 15 about a “suspicious connection” between macys.com and another website. The Company noted that the security team immediately began an investigation.

Based on the investigations, Macy’s said on October 7 an unauthorized third party added a computer code to two pages on macys.com.

“The code was highly specific and only allowed the third party to capture information submitted by customers on the following two(2) macys.com pages: (1) the checkout page - if credit card data was entered and “place order” button was hit; and (2) the wallet page - accessed through My Account,” the Company said in the letter.

ZDNet reported that the breach was caused by Magecart card-skimming code being implanted into Macy’s online payment portal.

Magecart attacks are made possible access into a site or the backend content management system. The attackers generally insert Javascript code into a webpage to harvest data and is then sent to a command-and-control (C2) server, which can then be turned into fraudulent cards.

An anonymous researcher investigating the Macy’s breach told Bleeping Computer that a ClientSideErrorLog.js script was tampered to host the Magecart code. After a victim submitted the payment, the data was then stored into a remote C2 hosted at Barn-x.com, ZDNet said.

Macy’s said it successfully removed the code on October 15 after a joint investigation with federal law enforcement and a class forensics firm.

The Company said that all impacted customers were notified of the breach and are being offered protection at no cost.

Ratings

Ratings
  • 125Views
  • 0Comments

Recommend to Friends

  • facebook
  • Twitter
  • google plus
  • pinterest
  • Digg
  • stumbleupon
  • Reddit
  • linkedin

Bryan Shin

Email: Bryan@financialinsiders.com

@Newsletter

Sign Up for Weekly Updates

Opt-into our eNewsletter NOW! For the Latest Trending Financial News Topics in Cannabis, Tech, Biotechs, Precious Metals, Energy, Renewable Energy and much more!

Related Posts

06 Jul, 2017 1254
03 Aug, 2017 2167
22 Sep, 2017 1019
26 Sep, 2017 900

Comments

There is no comment on this article