Macy’s and Bloomingdale’s data breach: What we know so far

Written by |
Advertisement

Macy’s and Bloomingdale’s are the latest retailers to announce they’ve been hit by a data breach in a letter dated June 27 and mailed to some customers.

RELATED: UPDATE: 27 million user accounts breached in Ticketfly hack

Macy’s and Bloomingdale’s reveal new data breach

Macy’s Inc., which owns both the iconic flagship department store and Bloomingdales, reveals it first detected suspicious log-in activity on June 11 on Macys.com and Bloomingdales.com. An investigation that followed pointed to an unauthorized third party that was actively plumbing customer records from approximately April 26 to June 12.

What info was breached?

  • First and last name
  • Full address
  • Phone number
  • Email address
  • Month and day of your birthday
  • Debit or credit card number with expiration dates

No Social Security numbers or Credit Verification Values (CVV) from the back of your credit or debt cards were obtained.

On June 12, Macy’s Inc. began blocking profiles with suspicious logins. Accounts that have been blocked will remain blocked until the customers associated with those accounts update their passwords.

“We are aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com,” the Cincinnati-based retailer said in a statement.

“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures.”

Those “additional security measures” include making AllClear ID identity protection services available to customers who had their info breached.

bloomingdale's data breach letter

Advertisement

Get a credit freeze in place

Money expert Clark Howard is no fan of identity theft monitoring and protection. His preferred alternative is a full-blown credit freeze.

Fortunately, credit freezes will soon be free for everyone by an act of Congress.

See our Credit Freeze Guide for step-by-step instructions on doing a freeze.

The great thing about a credit freeze is that it effectively shuts down a criminal’s ability to open new credit in your name even if they get your personal info in a breach like this one — or any of the others we’ve seen over time.

Watch your statements carefully

If you’re among the affected, you need to go through your credit card and debit card statements this month and next month very carefully.

You’ll want to identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.

You have 60 days to dispute any bogus charge when you use a credit card. Not so with debit card, though. More on that in a moment…

Use an abundance of caution

In addition, now is the time when you need to beware of anyone calling or emailing you trying to impersonate Macy’s or Bloomingdale’s or your bank.

The criminals may ask you to click a link or to verbally confirm additional personal information over the phone related to this breach.

When in doubt, hang up the phone or close out the email. Then call your bank or visit the merchant website to verify the legitimacy of the request.

Consider kicking your debit card out of your life

The reality is customers who use a debit card are hit hardest by any data breach. Debit cards are dangerous to your wallet. They don’t have the normal protections under federal law offered by a credit card.

Advertisement

With a breached debit card, you have only two days to notice that money is gone from your account”¦or else you could be on the hook for up to $500. And under some circumstances, your liability with a debit card can be unlimited.

If you wish to continue using debit in the future, be sure you tie it into a separate account that’s only used for debit transactions so only that money is at risk.

More Clark.com stories you may enjoy:

Advertisement