It looks like a third party may be the cause of this breach. No matter how secure your own domain is, you are only as weak as your supply chain.
Companies need to protect themselves with an 'outside in' approach to protecting their domains and customer data.
Online customers of Macy’s and Bloomingdale’s are being warned about a security breach earlier this year that exposed their account information to hackers. Starting around April 26 through June 12, the attacker used passwords to log into some online profiles containing addresses, phone numbers, email addresses, date of birth and account numbers for Macy’s credit cards, the Cincinnati-based retailer said in a letter sent to some state attorneys general. The company said it believed the log-in credentials were stolen from another company because there was no evidence of a compromise of Macy’s systems. Advertisement In an email Thursday, the department store operator said the incident involved “a small number” of customers, who have been notified. In Pennsylvania, 6,462 customers were impacted, according to the state Attorney General’s office.