Online retailers continually need to worry about identity theft-based purchases and now, as they hold a lot of personally identifiable information, GDPR fines.
For nearly two months, an unauthorized party reportedly used stolen usernames and passwords to log into the online accounts of certain Macys.com and Bloomingdales.com customers. The breach took place from April 26 through June 12, compromising data such as full names, addresses, phone numbers, email addresses, birthdays, and payment card numbers with expiration dates, according to a July 6 report in the Detroit Free Press. The incident was detected by Macy's cyber threat alert tools on June 11, and no CVV or Social Security numbers were affected, the retailer told customers in a letter last week, the Free Press further reports. Macy's has blocked the compromised customer profiles, which can only be reactivated if their rightful owners change their passwords.