Macy Under Attack As Online Card Skimming is Fingered

Posted on November 19, 2019 at 5:31 PM

Macy Under Attack As Online Card Skimming is Fingered

It was with a lot of unbelief that Macy reported the discovery of malicious code on its online payment system. The big department store released a notice to the effect that there is a data breach in its system. The cause of the breach was a Magecart card-skimming code. The code was being incorporated into the online payment gateway.

Security Team on High Alert

It did not take long for Macy to raise alarm about the data breach. It promptly released a report to the investors. In the release, Macy stated that it got wind of the development on the 15th of October. And upon the discovery of the breach, the team from Macy sprang into action. The team discovered that the card-skimming code had already infected two pages of the store’s official online platform.

The security officials at Macy also are of the opinion that the code was introduced around early October. It was not a harmless code as it affected the checkout page and wallet page. So, all the customers that made use of the ‘My Account’ feature.

The Malicious Code

Macy released details on the code so all stakeholders can have an idea of what they are dealing with. The malicious code was described as being sophisticated enough to specify the targets. It also worked in a way that only third parties gain access to store the information. The information, in this case, is the one submitted by all the customers making use of the platform for their purchases.

As expected, there were consequences that emanated from the attack. As the code was being tackled during the same period that Macy was notified of the issue, customers were affected. The clients who have made their purchase online and given their financial details into the wallets are believed to have been victims of the data breach.

The data in question has to do with the customers. It includes the first and last names, ZIP codes, physical or residential addresses, payment card details, email addresses, card security details and even the dates of expiration. The spokesperson of Macy explained that they are not sure of the number of customers that might have been affected by the data breach. To make things worse, the data breach went on for a minimum of seven days before the departmental store was able to know of its existence.

Adapting to the Circumstances

The same spokesperson clarified that a very minor number of their clients were believed to have been victims of the attack. The store also stated that for those who have had their data stolen, there is a compensation plan in place. Such customers are going to get consumer protection services without any extra charge. The security team officials swiftly reached out to federal law enforcement agents. They also linked up with a prominent investigative company to give help on the matter. Reports were also sent across to the several card brands relating to the leaked card numbers and other card details.

The store also went ahead to put in some strategies in place to ensure that future data breaches of this kind never happen again. This is what is referred to as a Magecart attack. The appellation is used in relation to all kinds of card-skimming malware features on regular e-commerce platforms. Similar attacks have also been recorded on other equally high-profile online platforms. These include major brands like British Airways, Ticketmaster, Newegg and so many other brands that are just too numerous to be mentioned.

In this type of attack, the data breach can only be done in a case where the system has been broken via its content management system or the website itself. Immediately the malicious party gains access, the next thing is to incorporate the JavaScript code into the targeted pages. These are usually pages that collect all the financial details of the customers. All the malicious party needs to do is to be patient and wait for customers to enter their details.

Summary
Macy Under Attack As Online Card Skimming is Fingered
Article Name
Macy Under Attack As Online Card Skimming is Fingered
Description
The big department store released a notice to the effect that there is a data breach in its system. The cause of the breach was a Magecart card-skimming code. The code was being incorporated into the online payment gateway.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading