Macy’s Website Hit by E-Skimming Attack
Macy's Website Hit by E-Skimming Attack Macy's recently disclosed that its official website was the victim of an e-skimming attack resulting in unauthorized access to the personal information of its customers. Macy’s, in its data breach notice, said that on October 15, 2019, it became aware of a suspicious connection between macys[dot]com and another website. Further investigation of this suspicious connection revealed that a malicious actor added malicious code into two web pages of the company’s website: (1) the checkout page where credit card data is entered and where “order” button is located; and (2) the wallet page which can be accessed through the customer’s “My Account”. Macy's said the malicious code injected into the two web pages of the company’s website allowed the malicious actor to steal information submitted…