Macy’s Data Breach-Class Action Investigation
CSK&D is investigating a potential class action lawsuit following Macy’s announcement that the personal financial information—including credit/debit card numbers, expiration dates, and security codes (“CVV”)—of customers who made online purchases on its website have been compromised as part of a MageCart style data breach.
In MageCart attacks, hackers will use malicious scripts, embedding them onto various sections of websites, to capture any payment information entered on these webpages. Until caught by the site owner, these scripts will inconspicuously lurk in the background of these vendor’s payment processing webpages. MageCart attacks were responsible for the recent Stein Mart breach, as well as Ticketmaster in late 2018.
This latest breach of Macy’s online store comes on the heels of another breach that occurred within the last two years. Macy’s has not disclosed the number of consumer affected by the breach, stating only, so far, that the breach involved “a small number” of customers who made online purchases between October 7, 2019 and October 15, 2019. Given Macy’s status as one of the larger department store chains in the United States, there is a possibility that a considerable number of customers may have been affected by this breach.
If you believe your personal financial information was compromised by this recent data breach, please contact the lawyers listed on this page.