Best Buy's Anniversary Sale Samsung Could One-Up Apple Peloton Alternatives GMMK Pro Keyboard Review Natural Sleep Aids $59 Off Apple TV Equifax Error: Check Your Status Biggest Rent Increases
Want CNET to notify you of price drops and the latest stories?
No, thank you

Macy's customers shopping online may have had their credit card info stolen

Names, addresses, phone numbers and email addresses were also captured in a cyber attack in October.

Macy's has suffered a data breach.
James Martin/CNET

Macy's has told customers about a data breach on its online shopping site, where credit card information may have been stolen back in October. As reported earlier Tuesday by CNET sister site ZDNet, the breach was caused by a Magecart card-skimming code implanted in the payment portal.

In a letter to customers, Macy's said it was alerted on Oct. 15 of a "suspicious connection" between its site and another. It discovered after investigating that on Oct. 7, unauthorized computer code was added to two pages on, allowing a third party to capture customer information at the checkout page and the wallet page.

The code was removed by Macy's on Oct. 15.

Macy's says the info accessed could include customer names, addresses, phone numbers and email addresses in addition to payment card numbers, expiries and security codes. Customers using the mobile app were not affected.

The department store has contacted federal law enforcement, as well as Mastercard, American Express, Visa and Discover. It says it has also "taken steps" to prevent it from happening again.

Now playing: Watch this: Hackers are targeting Facebook accounts to run ad fraud...