Macy’s hit by data breach

Shoppers who made online purchases from Macy’s or Bloomingdale’s between April 26 and June 12, 2018 should check their credit card statements for suspicious activity as Macy’s has revealed that it suffered a data breach.

Macy’s informs customers

The retailer said: “We are aware of a data security incident involving a small number of our customers at and We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.”

Breach consequences

Criminal hackers could see customers’ names, addresses, phone numbers, email addresses, birthdays, and debit or credit card numbers with expiration dates. Macy’s informed customers that affected profiles will be blocked until they change their passwords, and offered suggestions to help customers remain vigilant.


Retailers that actively offer goods and services to EU residents must comply with the GDPR (General Data Protection Regulation). As Macy’s takes worldwide orders and holds personally identifiable information, it could be subject to fines or other penalties if it is found to be not compliant with the GDPR.

To help better understand the GDPR, you should register for IT Governance USA’s webinar: ‘Why should North American organizations comply with the GDPR?’. The webinar will take place on Tuesday, July 24, 2018, 1:00 pm–2:00 pm EDT.