Monday, December 30, 2019

If you bought anything from these 19 companies recently, your data may have been stolen or compromised

Macy's confirmed it was hit with a data breach.

  • Data breaches are becoming common for all kinds of businesses, including retailers.
  • Since the start of 2018, at least 19 retailers and consumer companies were hacked and likely had information stolen from them.
  • Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers.
  • Retailers who suffer data breaches risk losing their customers' trust. 

At least 19 consumer companies reported data breaches since January 2018. Many of them were caused by flaws in payment systems either online or in stores.

A report published by cybersecurity firm Shape Security showed that 80-90% of the people who log in to a retailer's e-commerce site are hackers using stolen data. This is the highest percentage of any sector examined in the report.

These data breaches are a real danger for both companies and customers, as they can damage the trust shoppers have in brands. 

According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.

"Due to frequent cyber-attacks and data leaks, people are becoming less attuned to privacy risks," Daniel Markuson, a digital privacy expert from NordVPN, said in a statement. "This may lead to a careless attitude towards their own personal safety, and that would mean more severe damage for all internet users."

Here are the consumer and retail companies that have suffered a data breach since January 2018: 

Macy's

Macy's confirmed Tuesday that some of its online shoppers' payment details were compromised after hackers cracked into its "Checkout" and "My Wallet" pages. 

The department store chain alerted customers about the issue in a letter sent out on Thursday. 

"We are aware of a data security incident involving a small number of our customers on Macys.com," a representative from Macy's said in a statement to Business Insider on Tuesday. "We have investigated the matter thoroughly, addressed the cause and have implemented additional security measures as a precaution."

Hy-Vee

On August 14, grocery chain Hy-Vee announced that it had launched an investigation into unauthorized transactions made at some of its fuel pumps, drive-thru coffee shops, and restaurants.

In a statement online, the company said that it didn't believe that other payments made in its grocery stores, drugstores, or convenience stores had been impacted. 

Poshmark

On August 1, Poshmark released a statement on its website saying that "data from some Poshmark users was acquired by an unauthorized third party." The company said that the stolen data "does not include any financial or physical address information" and that it shouldn't have compromised any passwords.

The online clothing marketplace was hacked despite using "one of the stronger algorithms" to "scramble passwords," TechCrunch reported.

Checkers and Rally's

On May 29, the parent company of fast-food chains Checkers and Rally's informed customers it had found malware at more than 100 restaurants.

The program was installed in the point-of-sale machines and was designed to take credit-card information, but not personal information, the company said. 

Buca di Beppo

Buca di Beppo's parent company, Earl Enterprises, was hit with a major data breach that potentially lasted from May 23, 2018 to March 18, 2019.

The breach may have exposed customers' names and credit- and debit-card numbers, as well as their expiration dates.

Planet Hollywood

Some Planet Hollywood restaurants were also impacted by the breach that hit parent company Earl Enterprises. 

Earl of Sandwich

Locations of Earl of Sandwich were also affected by the Earl Enterprises breach. 

Chicken Guy!

Guy Fieri's chicken chain was affected by the same breach. 

Mixology 101

This Los Angeles restaurant was also named in the Earl Enterprises breach. 

Tequila Taqueria

This Las Vegas restaurant was named as possibly being impacted by the Earl Enterprises breach. 

Marriott hotels

Marriott disclosed a massive breach of data from 500 million customers in late November.

Guests staying at any of the Starwood brand's hotels, including W Hotels, St. Regis, Sheraton, Westin, Element, and Aloft, on or before September 10, likely had their data exposed.

Exposed information included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and other Starwood account information.

Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it.

"Marriott reported this incident to law enforcement and continues to support their investigation," the company said at the time. "The company has already begun notifying regulatory authorities."

Arne Sorenson, Marriott's president and CEO, said: "We deeply regret this incident happened."

Kay Jewelers

Signet Jewelers, parent company of Kay Jewelers, had a vulnerability in its website that exposed customers' information after they had purchased jewelry online.

By changing the link customers received confirming online orders, anyone could access information including customers' names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link.

Only the last four digits of a customer's credit-card number were on the page, however.

The issue was fixed in November for orders going forward. It was fixed for past orders in December, according to Krebs on Security. 

Jared The Galleria of Jewelry

Signet Jewelers also owns Jared The Galleria of Jewelry, which had the same vulnerability as Kay.

Cheddar's Scratch Kitchen

Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack.

Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017 and January 2, 2018 may have had their credit-card information stolen. Darden estimates that 567,000 card numbers could have been compromised.

Customers affected would have visited a Cheddar's location in any one of these states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin.

Macy's

Macy's customers are also at risk for an even older hack.

The retailer confirmed that some customers shopping online at Macys.com and Bloomingdales.com between April 26, 2018 and June 12, 2018 could have had their personal information and credit-card details exposed to a third party.

Macy's did not confirm exactly how many people were impacted. However, a spokesperson for the company said the breach was limited to a small group of people. 

Macy's said in a statement: "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy's, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services."

Adidas

Adidas announced in June 2018 that an "unauthorized party" had gained access to customer data on Adidas' US website. At the time, the company said it believed only customers who shopped on and purchased items from the US version of Adidas.com could have been affected by the breach.

The data potentially at risk includes customer contact information like email addresses and physical addresses, as well as login information like usernames and passwords. The passwords were stored encrypted, however, and would need to be decrypted before they could be used.

Adidas did not say exactly how many customers could have been affected by the breach, but an Adidas spokeswoman confirmed it was likely "a few million."

Saks Fifth Avenue

Hudson's Bay, the parent company of Saks Fifth Ave, confirmed in April 2018 that a data breach compromised payment systems and therefore customers' credit and debit cards.

Estimates of the number of affected customers were not released, but it could be in the millions. Online customers were not affected.

Lord & Taylor

Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach.

Under Armour's MyFitnessPal app

While Under Armour's store systems and online store weren't affected, the retailer confirmed in March 2018 that data from its MyFitnessPal app was accessed by an "unauthorized party."

Payment information was not released, but Under Armour says user names, emails, and encrypted passwords were affected. More than 150 million people's information was likely compromised.

Panera Bread

Panera Bread confirmed on April 2, 2018 that it was notified of a data leak on its website. 

At the time, it said personal information, including names, addresses, and partial credit card numbers may have leaked, though the company says the investigation is ongoing.
