BREAKING: Macy’s Data Breach a Reminder to Take Your Data Security Seriously

Jul 12, 2018, 08:19 AM by Nuvision Credit Union  

Data Breach

Macy’s is the latest retailer to announce a data breach. The company today said cyberthieves hacked into its system and gained access to thousands of online accounts that contained customers’ usernames, passwords, mailing address, email addresses, and payment card information.

According to CBS MoneyWatch, “The attack, which occurred over roughly six weeks between the end of April and the beginning of June before being shut down, affected consumers registered on Macys.com or Bloomingdales.com. Logins and passwords were taken from sites unrelated to the retailers and then used to access data on both sites.”

Macys.com and bloomingdales.com notified customers via email that they blocked access to their profile. Customers can only unblock their account when they log in and change their password.

A sample notification letter notification letter sent to the New Hampshire Attorney General’s Office was leaked to DataBreaches.net:


macys data breach

Your own data protection is most important

The Identity Theft Resource Center reported that Macy’s own website wasn’t hacked. The cybercriminals instead, “used information from an outside source to log into Macy’s customers’ accounts…” In other words, the thieves, “hack[ed] another website or purchas[ed] it online after someone else stole it—and used it to log into other customer accounts on Macys.com and Bloomingdales.com.”

This is an excellent reminder that everyone should take their own data security seriously. You should be able to rely on companies to keep your information safe, but unfortunately that isn’t always the case. Consumers are the victims when their data is lost, stolen, or exposed, but you can take steps to protect yourself.

When changing your password, Nuvision suggests you ask yourself:

  • Are any of your passwords less than 12 characters? If they are, change them and make them longer.
  • Do any of your passwords contain real words (colors, animals, or phrases), patterns (34567 or qwerty), or identifiable characteristics (names, locations, or dates)? If they do, log in and use a random variation.
  • Do you use the same password for multiple accounts? If so, you should use unique passwords for every account, or at least those with access to sensitive personal and financial information.

One way to help create and keep track of passwords is to use a password manager. Here are five steps to create strong, unique and readily accessible passwords.

Monitor your accounts

The Macy’s data breach is another in a line of recent cybersecurity incidents, such as the Facebook and Cambridge Analytica scandal, the Sears, Kmart, and Delta Air credit card exposure, the LocalBlox and Task Rabbit cyber incidents, and the Panera Bread, Saks, Lord & Taylor, and Under Armour MyFitnessPal data breaches.

Your data is out there, and you can’t get it back. But you can read about seven ways to monitor your accounts and reduce the risk of fraud.

Stay connected

To stay on top of Nuvision alerts and information related to the risks of fraud and identity theft, financial and data protection, and cybersecurity, check our Fraud Protection blog or follow Nuvision on Facebook and Twitter to receive updates when new articles are published.