Macy’s has disclosed a data breach – their web site was hacked with malicious scripts that steal customer’s payment information. In Magecart attacks, hackers compromise web sites to inject malicious JavaScript scripts into various sections of the web site. These scripts then steal payment information that is submitted by a customer.
The ‘Notice of Data Breach‘ issued by Macy’s said their web site was hacked on October 7th, 2019 and a malicious script was added to the ‘Checkout’ and ‘My Wallet’ pages. If any payment information was submitted on these pages while they were compromised, the credit card details and customer information was sent to a remote site under the attacker’s control.
Macy’s suffers online Magecart card-skimming attack, data breach https://t.co/eapfFMrlv9 by @SecurityCharlie
— ZDNet (@ZDNet) November 19, 2019
Experts Comments
Linkedin Message
@Kevin Lancaster, General Manager of Security Solutions, provides expert commentary at @Information Security Buzz.
"Compliance with these standards helps retailers protect payment card data by restricting physical and digital business access...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Kevin Lancaster, General Manager of Security Solutions, provides expert commentary at @Information Security Buzz.
"Compliance with these standards helps retailers protect payment card data by restricting physical and digital business access...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Linkedin Message
@Lev Lesokhin, SVP of Strategy and Analytics, provides expert commentary at @Information Security Buzz.
"Putting a stop to code injection is one of the oldest tenets in the app sec playbook. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Lev Lesokhin, SVP of Strategy and Analytics, provides expert commentary at @Information Security Buzz.
"Putting a stop to code injection is one of the oldest tenets in the app sec playbook. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Linkedin Message
@Chris Kennedy, CISO and VP of Customer Success , provides expert commentary at @Information Security Buzz.
"Companies should proactively test and evaluate their cybersecurity posture to find vulnerabilities and remediate them...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Chris Kennedy, CISO and VP of Customer Success , provides expert commentary at @Information Security Buzz.
"Companies should proactively test and evaluate their cybersecurity posture to find vulnerabilities and remediate them...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Linkedin Message
@Piers Wilson, Head of Product Management , provides expert commentary at @Information Security Buzz.
"Retailers should be extra mindful of security this holiday season..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Piers Wilson, Head of Product Management , provides expert commentary at @Information Security Buzz.
"Retailers should be extra mindful of security this holiday season..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Linkedin Message
@Elad Shapira, Head of Research, provides expert commentary at @Information Security Buzz.
"Online retailers like Macy’s are prime targets for Magecart...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Elad Shapira, Head of Research, provides expert commentary at @Information Security Buzz.
"Online retailers like Macy’s are prime targets for Magecart...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Linkedin Message
@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary at @Information Security Buzz.
"Treat everyone else as a potential threat...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Mike Bittner, Associate Director of Digital Security and Operations, provides expert commentary at @Information Security Buzz.
"Treat everyone else as a potential threat...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Linkedin Message
@Robert Prigge, CEO, provides expert commentary at @Information Security Buzz.
"Javelin’s 2019 Identity Fraud Study reported $4 billion in ATO losses last year and new account fraud losses of $3.4 billion...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Robert Prigge, CEO, provides expert commentary at @Information Security Buzz.
"Javelin’s 2019 Identity Fraud Study reported $4 billion in ATO losses last year and new account fraud losses of $3.4 billion...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Peter Draper, Technical Director, EMEA, provides expert commentary at @Information Security Buzz.
"Identifying anomalous traffic quickly and taking action can reduce the impact of such attacks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach
Facebook Message
@Peter Draper, Technical Director, EMEA, provides expert commentary at @Information Security Buzz.
"Identifying anomalous traffic quickly and taking action can reduce the impact of such attacks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-macys-customer-payment-info-stolen-in-magecart-breach