Macy's breach image

Macy’s Data Breach

Published: July 20, 2018

Attention shoppers! Macy’s Exposes Customer Information!
Data breaches have become a regular occurrence for companies regardless of their size or stature. In fact, some of the largest companies in the world have proven to be most vulnerable. The latest big breach took place at retail giant Macy’s through the and websites. We would like to take this opportunity to review some steps you can take to reduce the risk and impact of fraud.

What happened
According to a letter sent out by Macy’s, “an unauthorized third party, from approximately April 26, 2018 through June 12, 2018, used valid customer user names and passwords to login to customer online profiles.” The usernames and passwords are presumed to have been obtained from an external source. The hackers were able to obtain names, addresses, phone numbers, email addresses, birthdays, and payment card information. (It appears card security codes and social security numbers were not compromised.) On June 12, impacted profiles were blocked and customers forced to update their passwords in order to regain access.

What is Macy’s doing?
In addition to blocking profiles, Macy’s has reported the information to the relevant card issuers (Visa, MasterCard, American Express, and Discover). The company has also added additional security rules to the website login protocol. Affected customers should have received a letter regarding the data breach. If you did not get this letter and you believe your account was hacked, contact Macy’s directly to check. Macy’s is also offering one year of complimentary identity protection services through AllClear ID (see below).

What can you do?

  • Contact AllClear Identity Repair at 1-855-861-4018. This service is automatically available to affected customers. They can help recover financial losses, restore your credit, and help restore your identity.
  • Enroll for a free year of AllClear ID, which provides identity theft monitoring with alerts and $1 million identity theft protection insurance. You can sign up at, using the promo code you received in the letter from Macy’s.
  • Check the Federal Trade Commission’s website helpful steps you can take to protect yourself from identity theft.
  • Continue to monitor your personal information and accounts, looking out for any suspicious activity, not just in your Macy’s accounts.
  • Use unique passwords for different accounts and websites to lessen a hacker’s ability to access multiple profiles. Using two-factor authorization and a password manager can provide greater protection.
  • Set up fraud alerts with the three major credit reporting agencies – Equifax, Experian, and TransUnion – and with your credit and debit cards. This should ensure you receive an alert if someone tries to apply for credit in your name.
  • Put credit freezes on your accounts, which prevents a company from accessing your credit reports if someone tries to apply for credit using your personal information. Keep in mind, however, that if you want to apply for any type of credit, you will need to temporarily unfreeze your accounts.
  • Get free copies of your credit reports through; it’s a good idea to check at least annually.

Important Disclosures

This material is provided for informational or educational purposes only and should not be construed as investment, accounting, tax or legal advice. Always consult a financial, tax and/or legal professional regarding your specific situation. This communication is not intended as a recommendation or as investment advice of any kind. It is not provided in a fiduciary capacity and may not be relied upon for or in connection with the making of investment decisions. Nothing herein constitutes or should be construed as an offering of advisory services or an offer to sell or a solicitation to buy any securities or a recommendation to invest in any specific investment strategy. Investing involves risk, including the possible loss of principal. Past performance is not indicative of future returns. The views expressed herein are as of a particular point in time and are subject to change without notice. The information and opinions presented herein are general in nature and have been obtained from, or are based on, sources believed by Klingenstein Fields Advisors (“KF Advisors’) to be reliable, but KF Advisors makes no representation as to their accuracy or completeness. Although the information provided is carefully reviewed, KF Advisors cannot be held responsible for any direct or incidental loss resulting from applying any of the information provided. KF Advisors represents two investment advisers registered with the Securities and Exchange Commission: Klingenstein, Fields & Co., L.P. and KF Group, LP. If you are a KF Advisors client, please remember that it remains your responsibility to advise KF Advisors, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services.