Posted on November 19, 2019 at 5:31 PM
With some disbelief, Macy's reported the discovery of malicious code on its online payment system. The big department store released a notice stating that its system had suffered a data breach. The cause of the breach was Magecart card-skimming code that had been incorporated into the online payment gateway.
Security Team on High Alert
It did not take long for Macy's to raise the alarm about the data breach. It promptly released a report to investors. In the release, Macy's stated that it became aware of the issue on October 15. Upon discovering the breach, the Macy's team sprang into action and found that the card-skimming code had already infected two pages of the store's official online platform.
Security officials at Macy's are also of the opinion that the code was introduced around early October. The code was not harmless: it affected the checkout page and the wallet page. So, all the customers that made use of the ‘My Account’ feature.
The Malicious Code
Macy's released details on the code so that all stakeholders could understand what they are dealing with. The malicious code was described as sophisticated enough to specify its targets. It also worked in such a way that third parties gained access to the information and could store it. The information, in this case, is what customers submitted when using the platform for their purchases.
As expected, the attack had consequences. The code was tackled during the same period in which Macy's was notified of the issue, but customers were still affected. Customers who made purchases online and entered their financial details into their wallets are believed to have been victims of the data breach.
The data in question belongs to the customers. It includes first and last names, ZIP codes, physical or residential addresses, payment card details, email addresses, card security details and even expiration dates. The Macy's spokesperson explained that the company is not sure how many customers might have been affected by the data breach. To make things worse, the data breach went on for a minimum of seven days before the department store learned of its existence.
Adapting to the Circumstances
The same spokesperson clarified that only a very small number of the store's customers were believed to have been victims of the attack. The store also stated that there is a compensation plan in place for those who have had their data stolen. Such customers will get consumer protection services without any extra charge. The security team swiftly reached out to federal law enforcement. It also brought in a prominent investigative company to assist on the matter. Reports were also sent to the several card brands concerned, covering the leaked card numbers and other card details.
The store also put some strategies in place to ensure that data breaches of this kind never happen again. The incident is what is referred to as a Magecart attack. The term is used for all kinds of card-skimming malware on regular e-commerce platforms. Similar attacks have been recorded on other equally high-profile online platforms. These include major brands like British Airways, Ticketmaster, Newegg and many others.