Macy’s & Bloomingdale’s
Macy’s reported that between April 26 and June 12, 2018, an unauthorized third party gained access to valid usernames and passwords for online accounts of some Macys[.]com and Bloomingdales[.]com customers. Information accessed through the customer profiles included names, addresses, phone numbers, email addresses, month and day of birth, and payment card information; CVV numbers and social security numbers were not exposed. According to a Macy’s spokesperson, only one-half percent of logged in customers were affected. Following the incident, Macy’s locked access to accounts associated with suspicious activity, required users to reset their passwords, and notified the major credit card companies of the breach. The NJCCIC recommends affected customers to monitor financial accounts for suspicious activity, notify their card issuers immediately if they notice unauthorized charges made to their accounts, and take advantage of the free credit monitoring services offered by Macy’s.