The department store chain said on Tuesday that hackers had gotten hold of the names and passwords of some customers and may even have gained access to their credit card numbers and expiration dates, though not the four-digit security codes, which it does not store. But the breach was small in scale, Macy’s said, hitting about 0.5% of customers registered on macys.com or bloomingdales.com, the site operated by Macy’s upscale sister chain.
“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures,” Macy’s said in a statement to Fortune. The hackers obtained customer login information and passwords from other sites and then used them to gain access to profiles on the Macy’s and Bloomingdale’s e-commerce sites.
The breach occurred between April 26 and June 10. On June 11, Macy’s detected the suspicious activity and soon after blocked the profiles in question. Macy’s said it has contacted the affected customers and will provide consumer protection services free of charge.
Macy’s is only the latest retailer or consumer brand to contend with a data breach. Last month, Adidas disclosed a data breach affecting potentially millions of shoppers. In April, HBC (hbc) said customer payment card information may have been stolen from shoppers at some Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor stores over several months. Other companies hit by breaches in the last year include Sears Holdings’ (shld) Sears and Kmart, Amazon.com’s Whole Foods, and Under Armour. (uaa)
While still bad news for a retailer, breaches have become so commonplace that consumers seem to now see it as a fact of life. In 2013, Target (tgt) was hit by a hack that affected 41 million customers just ahead of the holiday season, costing the discount chain heavily in lost sales. As for Macy’s, the chain has wind in its sails again, with much stronger sales than expected in the first quarter, with online revenue giving it a big boost. The last thing it needs now is any pullback by online shoppers.