Macy’s has discovered
a data breach that exposed customer email addresses, credit and debit card numbers, birthdays and other data, according to the Detroit Free Press.
The company has advised online
customers that the exposure occurred from April 26 to June 12, the report says. It blamed an unnamed third party who accessed the data from an outside source, using valid passwords and user names.
Macy's spokesperson Blair Rosenberg confirmed the incident to Email Insider, providing this statement: "We are aware of a data security incident involving a small number of our
customers at macys.com and bloomingdales.com.
"We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security
measures. Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these
services."
The information gleaned did not include Social Security numbers or the security numbers that appear on the backs of credit cards, the firm adds. However, the third party was able to
breach customer profiles, names and addresses and card expiration dates, the Free Press adds.
The company is advising shoppers to change their passwords, and says it will block
their accounts until they do. It is notifying affected customers by email.