Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
An Illinois woman contends that Macy’s failed to properly protect its customers’ private information from a data breach that occurred in October 2019.
Plaintiff Suzen Isai claims that hackers were able to access the personal data of Macy’s online customers by running a malicious script on its website.
Isai says that the day before she made a purchase on Macys.com, cyber criminals entered a malicious computer code into the website.
This type of hack is known as a “web skimmer” and allows unauthorized third parties to access the website users’ information. The skimmed information can reportedly be used to clone credit cards and make unauthorized purchases.
According to the Macy’s class action, a researcher let the company know about the suspicious activity and discovered that the hack may have been orchestrated by a band of cybercriminals called “Magecart.”
“As a result of the Data Breach, Magecart and/or other unauthorized third parties were able to obtain the following personal information…from Plaintiff and class members: the customer’s first name, last name, address, city, state, zip, phone number, email address, payment card number, payment card security code, and payment card month/year of expiration if submitted on a compromised page,” alleges the complaint.
The Macy’s class action lawsuit points out that so-called web skimming can take place because of vulnerable websites or content management systems.
The plaintiff alleges that, as a major nationwide retailer subject to data breaches before, Macy’s should have secured its website from such a hack.
Isai says that she and other putative Class Members have been exposed to the risk of identity theft and fraud as a result of the Macy’s data breach.
According to the Macy’s data breach class action, the personal information skimmed from websites has been known to be sold in batches on the dark web or the internet’s equivalent of the black market.
“As a result of recent large-scale data breaches, identity thieves and cyber criminals have openly posted stolen private information directly on various Internet websites, making the information publicly available,” alleges the Macy’s class action lawsuit.
The plaintiff accuses Macy’s of failing to adequately protect its online customers from the data breach. Isai says that the company was negligent and violated the Illinois Consumer Fraud Act and Personal Information Protection Act.
The Macy’s class action lawsuit seeks to represent a Class of Illinois residents whose personal information was compromised as a part of the data breach that occurred Oct. 7 – Oct. 15, 2019.
Were you affected by the Macy’s data breach? Tell us more about it in the comments below!
The lead plaintiff is represented by Mark A. Eldridge, Shpetim Ademi, and John D. Blythin of Ademi & O’Reilly LLP and Ben Barnow, Erich P. Schork, and Anthony L. Parkhill of Barnow and Associates PC.
The Macy’s Data Breach Class Action Lawsuit is Isai v. Macy’s Inc., et al., Case No. 1:19-cv-7730, in the U.S. District Court for the Northern District of Illinois.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
15 thoughts onMacy’s Class Action Alleges Inadequate Security Measures
please add me
I was also affected by this breach. My card information got stolen and was fraudulently used. Filed a police report and got some information but couldn’t recover the funds. Macy’s fraud department was also extremely unhelpful. Why is this class action lawsuit only in Illinois?
Please add me
Please add me
me cerraron la cuenta en el 2019