Macy's Warns of Data Breach
Macy's is warning online customers that it discovered a data breach that targeted profiles on macys.com and bloomingdales.com for almost two months, the Detroit Free Press reports. According to a letter mailed to Macy's customers this week, the retailer's cyber threat alert tools detected suspicious login activities on June 11, and that this "suspicious activity" was being done by a third party, whom the retailer said obtained the information from a source other than Macy's. From April 26 to June 12, the third party was using valid usernames and passwords to log into customers’ accounts, gaining access to their names, email addresses, phone numbers, birthdays and payment card information. On June 12, Macy's blocked the profiles that seemed to be breached by the third party. Macy's said the accounts don’t include Social Security numbers or CVV numbers. While Macy’s blocked the profiles that it believes to have been compromised, the retailer is asking customers to “remain vigilant" for signs of fraud and identity theft; change the password for any online account for which they used the same username and password as their macys.com account; and has arranged for free identity protection to customers impacted by the incident.
Total Retail's Take: Data breaches are becoming all too familiar for retailers. In fact, the Macy's news comes a little more than a week after Adidas warned millions of U.S. customers about a similar data breach that took place on its website. Adidas reported that an “unauthorized party” claims to have acquired customer data from its U.S. website. The two breaches are different, however, in the companies’ approaches to disseminating the news to customers, prospects, and the general public. While the full scope of Adidas’ breach isn't yet known, the athletic footwear and apparel brand gets credit for quickly alerting customers that they may have been potentially impacted by the breach. Macy's, however, waited two months to come public with its breach, which creates customer distrust. Bottom line: The two data breaches demonstrate how important data security is today, as well as how important it is to be transparent should a breach occur. With more and more shopping and purchasing taking place online, the reality is that the opportunity for cybercriminals continues to grow by the day. Data security is just as important to a retailer's business today as is inventory, supply chain, customer service, marketing, you name it. Need some tips on how to make your business more secure? Here's content from Total Retail to help you out.