The California Office of the Attorney General reported that Macy's, Inc experienced a data breach involving unauthorized access to customer online profiles on July 2, 2018. The breach, which started on April 26, 2018 and was detected on June 11, 2018, potentially affected customer names, addresses, phone numbers, email addresses, and debit or credit card numbers, although Social Security numbers and CVVs were not accessed.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-137613
TPRM report: https://www.rankiteo.com/company/macy
"id": "mac440072625",
"linkid": "macy",
"type": "Breach",
"date": "4/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Retail',
'location': 'California',
'name': "Macy's, Inc.",
'type': 'Retail'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'personally_identifiable_information': ['customer names',
'addresses',
'phone numbers',
'email addresses'],
'type_of_data_compromised': ['customer names',
'addresses',
'phone numbers',
'email addresses',
'debit or credit card numbers']},
'date_detected': '2018-06-11',
'date_publicly_disclosed': '2018-07-02',
'description': "Unauthorized access to customer online profiles at Macy's, "
'Inc.',
'impact': {'data_compromised': ['customer names',
'addresses',
'phone numbers',
'email addresses',
'debit or credit card numbers']},
'references': [{'source': 'California Office of the Attorney General'}],
'title': "Macy's Data Breach",
'type': 'Data Breach'}