Lawrence Abrams reports:
Macy’s has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customer’s payment information.
This type of compromise is called MageCart attack and consists of hackers compromising a web site so that they can inject malicious JavaScript scripts into various sections of the web site. These scripts then steal payment information that is submitted by a customer.
According to a ‘Notice of Data Breach‘ issued by Macy’s, their web site was hacked on October 7th, 2019 and a malicious script was added to the ‘Checkout’ and ‘My Wallet’ pages.
Read more on BleepingComputer.