July 12, 2018

Online data breach affects Macy's customers

dataMacy's warned customers recently about a cyber threat that impacted some online customer profiles from April 26-June 12. While affected and customers should have received a notification email, NAFCU – a leading advocate for national data security standards – continues to push for the adoption of data and cybersecurity standards for all entities that hold consumers' information.

The breach was done by a third party, which was able to access customers' full names, addresses, phone numbers, email addresses, birthdays and debit or credit card numbers with expiration dates. Macy's said the unauthorized third party was not able to gather CVV numbers or Social Security Numbers.

While Macy's blocked the profiles that seemed to be breached, the company encourages customers to change their online passwords.

According to new data released Wednesday by IBM and the Ponemon Institute, the average cost of a data breach jumped 6.4 percent over the past year to $3.86 million. NAFCU, in its efforts to create a national data security standard, has argued that negligent entities should be financially liable for breach-related losses, which usually fall to consumers and their financial institution.

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system. The association has also shared with Congress principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.

NAFCU remains a leading advocate on this issue and is working to ensure that all entities that hold or collect consumers' personal financial information are held to similar standards as credit unions.