"Macy’s Online Store Compromised in Magecart-Style Attack"
It has been discovered that on October 7, 2019, an unauthorized third party added unauthorized computer code to two pages on macys.com. The unauthorized code that was added, was highly specific and only allowed the third party to capture information submitted by customers on the following two macys.com pages: the checkout page, if credit card data was entered and ‘place order’ button was hit; and the wallet page, if accessed through My Account. Macy's successfully removed the unauthorized code on October 15, 2019. The stolen information includes customers’ first and last name, full address, phone number, email address, payment card number, security code, and expiration date, but only if these were typed into the two mentioned webpages.
Net Security reports: "Macy’s Online Store Compromised in Magecart-Style Attack"