Macy’s and Bloomingdale’s are the latest retailers to announce they’ve been hit by a data breach in a letter dated June 27 and mailed to some customers.
Macy’s and Bloomingdale’s reveal new data breach
Macy’s Inc., which owns both the iconic flagship department store and Bloomingdales, reveals it first detected suspicious log-in activity on June 11 on Macys.com and Bloomingdales.com. An investigation that followed pointed to an unauthorized third party that was actively plumbing customer records from approximately April 26 to June 12.
What info was breached?
- First and last name
- Full address
- Phone number
- Email address
- Month and day of your birthday
- Debit or credit card number with expiration dates
No Social Security numbers or Credit Verification Values (CVV) from the back of your credit or debt cards were obtained.
On June 12, Macy’s Inc. began blocking profiles with suspicious logins. Accounts that have been blocked will remain blocked until the customers associated with those accounts update their passwords.
“We are aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com,” the Cincinnati-based retailer said in a statement.
“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures.”
Those “additional security measures” include making AllClear ID identity protection services available to customers who had their info breached.
Get a credit freeze in place
Money expert Clark Howard is no fan of identity theft monitoring and protection. His preferred alternative is a full-blown credit freeze.
Fortunately, credit freezes will soon be free for everyone by an act of Congress.
The great thing about a credit freeze is that it effectively shuts down a criminal’s ability to open new credit in your name even if they get your personal info in a breach like this one — or any of the others we’ve seen over time.
Watch your statements carefully
If you’re among the affected, you need to go through your credit card and debit card statements this month and next month very carefully.
You’ll want to identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.
You have 60 days to dispute any bogus charge when you use a credit card. Not so with debit card, though. More on that in a moment…
Use an abundance of caution
In addition, now is the time when you need to beware of anyone calling or emailing you trying to impersonate Macy’s or Bloomingdale’s or your bank.
The criminals may ask you to click a link or to verbally confirm additional personal information over the phone related to this breach.
When in doubt, hang up the phone or close out the email. Then call your bank or visit the merchant website to verify the legitimacy of the request.
Consider kicking your debit card out of your life
The reality is customers who use a debit card are hit hardest by any data breach. Debit cards are dangerous to your wallet. They don’t have the normal protections under federal law offered by a credit card.
With a breached debit card, you have only two days to notice that money is gone from your account…or else you could be on the hook for up to $500. And under some circumstances, your liability with a debit card can be unlimited.
If you wish to continue using debit in the future, be sure you tie it into a separate account that’s only used for debit transactions so only that money is at risk.