Macy's has told customers about a data breach on its online shopping site, where credit card information may have been stolen back in October. As reported earlier Tuesday by CNET sister site ZDNet, the breach was caused by a Magecart card-skimming code implanted in the payment portal.
In a letter to customers, Macy's said it was alerted on Oct. 15 of a "suspicious connection" between its site and another. It discovered after investigating that on Oct. 7, unauthorized computer code was added to two pages on macys.com, allowing a third party to capture customer information at the checkout page and the wallet page.
The code was removed by Macy's on Oct. 15.
Macy's says the info accessed could include customer names, addresses, phone numbers and email addresses in addition to payment card numbers, expiries and security codes. Customers using the mobile app were not affected.
The department store has contacted federal law enforcement, as well as Mastercard, American Express, Visa and Discover. It says it has also "taken steps" to.