Macy's discloses data breach that includes more than 750 Granite StatersBy LISA WOLFSON and HEMA PARMAR
July 11. 2018 11:25PM
Macy’s Inc. said hackers obtained names and passwords of online customers — including 753 New Hampshire residents — and potentially were able to access data including their credit card numbers and expiration dates.
The data breach impacted one-half of 1 percent of customers who were registered on Macys.com or Bloomingdales.com, spokesman Blair Rosenberg said Tuesday. Customer login and password data were taken from websites not related to Macy’s or Bloomingdale’s and were then used to access profiles on those sites, the company said.
“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures,” Macy’s said in an emailed statement.
Macy’s sent a letter July 2 to New Hampshire Attorney General Gordon MacDonald notifying the state of the breach. The store said it notified the affected Granite State residents by first class mail July 3. Macy’s said it was offering consumer protection services to them at no cost.
The disclosure marks the latest in a series of data breaches at major companies across a broad swath of industries, including retailers Hudson’s Bay Co. and Under Armour Inc., aerospace giant Boeing Co., airlines like Delta Air Lines Inc., and natural gas pipelines and electric utilities. Adidas AG said last month that millions of customers on its U.S. website could have been affected by a breach.
While other personal data, including birthdates, may have been accessed, social security numbers were not, Macy’s said.
The data breach occurred between April 26 and June 10, the company said. It detected suspicious activity on June 11 and the company blocked the profiles in question on June 12.