Macy’s has discovered a data breach that exposed customer email addresses, credit and debit card numbers, birthdays and other data, according to the Detroit Free Press.
The company has advised online customers that the exposure occurred from April 26 to June 12, the report says. It blamed an unnamed third party who accessed the data from an outside source, using valid passwords and user names.
Macy's spokesperson Blair Rosenberg confirmed the incident to Email Insider, providing this statement: "We are aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com.
"We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services."
The information gleaned did not include Social Security numbers or the security numbers that appear on the backs of credit cards, the firm adds. However, the third party was able to breach customer profiles, names and addresses and card expiration dates, the Free Press adds.
The company is advising shoppers to change their passwords, and says it will block their accounts until they do. It is notifying affected customers by email.