Macy’s Data Breach

Attention shoppers! Macy’s Exposes Customer Information!
Data breaches have become a regular occurrence for companies regardless of their size or stature. In fact, some of the largest companies in the world have proven to be most vulnerable. The latest big breach took place at retail giant Macy’s through the and websites. We would like to take this opportunity to review some steps you can take to reduce the risk and impact of fraud.

What happened
According to a letter sent out by Macy’s, “an unauthorized third party, from approximately April 26, 2018 through June 12, 2018, used valid customer user names and passwords to login to customer online profiles.” The usernames and passwords are presumed to have been obtained from an external source. The hackers were able to obtain names, addresses, phone numbers, email addresses, birthdays, and payment card information. (It appears card security codes and social security numbers were not compromised.) On June 12, impacted profiles were blocked and customers forced to update their passwords in order to regain access.

What is Macy’s doing?
In addition to blocking profiles, Macy’s has reported the information to the relevant card issuers (Visa, MasterCard, American Express, and Discover). The company has also added additional security rules to the website login protocol. Affected customers should have received a letter regarding the data breach. If you did not get this letter and you believe your account was hacked, contact Macy’s directly to check. Macy’s is also offering one year of complimentary identity protection services through AllClear ID (see below).

What can you do?

  • Contact AllClear Identity Repair at 1-855-861-4018. This service is automatically available to affected customers. They can help recover financial losses, restore your credit, and help restore your identity.
  • Enroll for a free year of AllClear ID, which provides identity theft monitoring with alerts and $1 million identity theft protection insurance. You can sign up at, using the promo code you received in the letter from Macy’s.
  • Check the Federal Trade Commission’s website¬† helpful steps you can take to protect yourself from identity theft.
  • Continue to monitor your personal information and accounts, looking out for any suspicious activity, not just in your Macy’s accounts.
  • Use unique passwords for different accounts and websites to lessen a hacker’s ability to access multiple profiles. Using two-factor authorization and a password manager can provide greater protection.
  • Set up fraud alerts with the three major credit reporting agencies – Equifax, Experian, and TransUnion – and with your credit and debit cards. This should ensure you receive an alert if someone tries to apply for credit in your name.
  • Put credit freezes on your accounts, which prevents a company from accessing your credit reports if someone tries to apply for credit using your personal information. Keep in mind, however, that if you want to apply for any type of credit, you will need to temporarily unfreeze your accounts.
  • Get free copies of your credit reports through; it’s a good idea to check at least annually.

The information provided here is for general informational purposes only and should not be considered an individualized recommendation or personal investment advice. KF Advisors is neither a law firm nor accounting firm, and no portion of its services should be construed as legal or accounting advice. If you are a KF Advisors client, please remember that it remains your responsibility to advise KF Advisors, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services. A copy of our current written disclosure statement discussing our advisory services and fees is available upon request or by clicking here. Please read the expanded disclosures in the linked report.