The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites.
According to a data breach notice sent to customers, “an unauthorized third party added unauthorized computer code” to Macys.com on Oct. 7. The code, which was discovered and removed on Oct. 15, was collecting customers’ first and last names, addresses, phone number and email addresses, payment card information (including number, security code, and expiration dates).
Read more…
Source: ThreatPost