How much did Macy’s hack cost?
On November 18, Macy’s announced that hackers had successfully infiltrated their e-commerce site, stealing customer data, such as name, full address, phone number, email address, and payment information, namely card number, security code, and expiration date.
What happened?
It all started on October 15, when Macy’s engineering team received an alert about “a suspicious connection between macys.com and another website”. This was the first sign that took Macy’s to start an investigation immediately: “We quickly contacted federal law enforcement and brought in a leading-class forensics firm to assist in our investigation(…)”
“Based on our investigation, we believe that on Oct. 7, an unauthorized third party added unauthorized computer code to two pages on macys.com,” the notification says. “The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two macys.com pages: the checkout page — if credit card data was entered and “place order” button was hit, and the wallet page — accessed through My Account.”
Yet again, history is repeating itself
This isn’t the first data breach that has been attributed to Macy’s. In June 2018, Macy’s announced they had detected fraudulent attempts to access customer accounts.
So, how much does it cost to secure your website?
Well, for Macy’s it could cost their business: They had to offer identity protection services to the affected clients for 12 months, their brand was severely affected, and Macy’s stock on Wall Street was down 11% after the breach announcement.
But, what would be the actual cost for Macy’s to properly secure and monitor their website and avoid breaches like this one? For sure that it would cost a fraction when compared to the resulted cost of this breach. You should definitely consider the cost of securing your website as an investment and not a cost.
As experts in the subject, we offer four different web vulnerability scanner plans and an enterprise solution for large companies for your security tests. Each of them has specific functionalities that uniquely protect your business. This way, you will get to know your website vulnerabilities and will have the opportunity to fix them.
Next time you see web application security as a cost and not as an investment, hopefully, Macy’s case will come to mind.
