Macy's reveals website hack just as holiday shopping begins
Macy’s Inc. slumped the most in three months after confirming that some customers were exposed to a data hack while shopping on its website last month.
“We are aware of a highly sophisticated and targeted data security incident related to macys.com that affected a small number of customers during a one-week period in October,” the company said in an emailed statement.
Macy’s fell 11%. It was the second biggest decline in the S&P 500 Index on Tuesday, trailing only Kohl’s Corp. which plunged 19% after disappointing investors with its latest quarterly earnings.
Kohl’s report renewed concerns on Wall Street that department stores are losing the fight for market share to other retailers. Meanwhile, the Macy’s hack could spook shoppers during the critical holiday period.
“Consumers could become guarded, hindering shopping at Macy’s,” according to Poonam Goyal, an analyst with Bloomberg Intelligence.
Macy’s, which reports earnings on Nov. 21, brought in a forensic firm to address the threat and reported the incident to federal law enforcement for investigation. In a letter to those affected, the company said credit-card information and other data entered on the checkout page was captured by hackers. Macy’s said the issue has been resolved.
In addition to being notified about the hack, affected customers will receive instructions on how to enroll in consumer protection services, Macy’s said.
The company didn’t specify how many customers were affected by the breach.
The hack highlights the risks that retailers face as shoppers move increasingly online. In the spring of 2018, the parent company of Saks Fifth Avenue and Lord & Taylor, Hudson’s Bay Co., said it had a data security issue at some of its North American stores, and security firm Gemini Advisory reported that over 5 million credit and debit card numbers from the breach were being sold online.
Macy’s has been hacked before as well, with a breach affecting a small number of customers last year.