News and Comment: Macy’s Ecommerce Data Breached Via Third Party

Off Cyber Policy in the News,

Macy’s Ecommerce Data Breached Via Third Party, Company Says

Macy’s Ecommerce Data Breached Via Third Party, Company Says

NEWS: The company has advised online customers that the exposure occurred from April 26 to June 12, according to Detroit Free Press. It blamed an unnamed third party who accessed the data from an outside source, using valid passwords and user names. Read more…

COMMENT:

Macy’s declaration that they have added additional security measures as a precaution is like saying you have added fire extinguishers after the building has burnt to the ground. Private citizens have no way of knowing if the firms that they have trusted are implementing proper security measures and the frequency with which breaches continue to occur would indicate that this is not the case. Most firms implement necessary security, such as multifactor authentication, but additional regulation is needed to ensure that all of them do.”

John Gunn, CMO, OneSpan:

About The Author

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.

Privacy Policy