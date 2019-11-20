Will a hack ruin Macy’s Christmas?

13 expert comments
Discussion
Nov 20, 2019
by George Anderson
George Anderson

It’s becoming an annual event at Macy’s, and not the good kind like Thanksgiving Day parades or Fourth of July fireworks. For the second year in a row, the department store retailer has informed customers that its system has been breached, exposing their personal and financial information to hackers. The news comes at arguably the worst time possible for the chain as it heads into the Christmas selling season.

Macy’s, which said the breach lasted between Oct. 7 and 15, did not provide the number of accounts affected. The retailer said that hackers gained access by attaching malicious code on the “Checkout” and “My Wallet” pages on macys.com. The data thieves captured the customers’ first and last names, home addresses, emails, payment card numbers, security codes and expiration dates.

The retailer has said that its website has been cleaned of the malicious code and that it has notified law enforcement and hired a forensics team to assist in the breach investigation.

Macy’s, which has mailed out notices to customers, is offering a free year of Experian credit monitoring to those who were affected.

The department store retailer suffered a data breach last year that lasted between April 26 and June 12. During that time, hackers gained access to customers’ usernames and passwords through macys.com and bloomingdales.com. At the time, Macy’s said it had “implemented additional security measures” to protect sensitive customer information from data thieves. 

Macy’s share price fell 11 percent yesterday in response to the data breach news and concerns over how it could affect the retailer’s traffic and sales numbers during the holidays.

DISCUSSION QUESTIONS: Will news of the Macy’s data breach negatively affect its holiday sales performance? Does Macy’s need to take steps other than those already taken to deal with the public reaction and underlying weaknesses in its systems?

Braintrust
"While this news is certainly the last thing Macy’s needs, I am not sure it will be the deciding factor for them this holiday season."

Dave BrunoDirector, Retail Market Insights
Dave Bruno

Dave BrunoDirector, Retail Market Insights

Neil Saunders
BrainTrust
Neil Saunders
Managing Director, GlobalData
1 hour 12 minutes ago

This won’t be helpful and there will be some negative consumer perception as a result of the hack. However, to be frank, Macy’s was never on course for a particularly happy holiday. The retail basics are not in place to support growth. In my view, this will only serve to make things worse.

Suresh Chaganti
BrainTrust
Suresh Chaganti
Co-Founder and Executive Partner, VectorScient
56 minutes 1 second ago

One of the problems is, it is not uncommon to use same userid/password combo on multiple sites. This means, a breach on one website can have a collateral impact on others. The compromise of Disney+ earlier this week is also case in point. Unfortunately, data breaches have become new normal, and it may have a short term blip for Macy’s for few days, but the silver lining for Macy’s is that this did not blow up a week from now.

Dick Seesel
BrainTrust
Dick Seesel
Principal, Retailing In Focus LLC
55 minutes 30 seconds ago

Unfortunately, these kinds of data breaches have become routine, to the point where shoppers react with a shrug. Macy’s holiday outlook rests with its merchandising, store experience and marketing strategies…good or bad.

Zel Bianco
BrainTrust
Zel Bianco
President, founder and CEO Interactive Edge
54 minutes 27 seconds ago

Unfortunately this is a reality of online commerce. It is also a reality that it is the responsibility of the merchant to make sure that their systems remain safe at all times. That this has happened again at Macy’s is proof that either not enough was done to prevent this from happening again or that, no matter what is done, it seems it is never enough to keep one step ahead of the bad people that want to do harm to Macy’s. Macy’s and all merchants need to do more but cybersecurity is a moving target and it will always be very challenging to stop this 100 percent of the time.

Jeff Sward
BrainTrust
Jeff Sward
Founding Partner, Merchandising Metrics
51 minutes 34 seconds ago

This is an unfortunate development. My local Macy’s is in a solid B mall and looks better recently than it has in the last couple years. Inventory levels seem to be in control. Presentation standards are very much improved, even if every fixture has a sale sign on top. Cash/wraps are manned. It looks like a very real effort at improving on the basics is in motion. A data breach is the last thing any retailer needs.

Dave Bruno
BrainTrust
Dave Bruno
Director, Retail Market Insights
47 minutes ago

Sadly, breaches have become so common I am not convinced they have significant impacts on consumer behaviors anymore. While this news is certainly the last thing Macy’s needs, I am not sure it will be the deciding factor for them this holiday season.

Rich Kizer
BrainTrust
Rich Kizer
Consumer Anthropologist, KIZER & BENDER Speaking
45 minutes 41 seconds ago

How horrible. Strike one and now strike two? There comes a point where consumer confidence is shaken to a deeper and more dangerous level. This is the last thing Macy’s needed, and frankly their answer/actions must be believable, which is going to be hard. This is one bad place for Macy’s to be at this time.

Cynthia Holcomb
BrainTrust
Cynthia Holcomb
Founder | CEO, Prefeye - Preference Science Technologies Inc.
43 minutes 35 seconds ago

Two data breaches within two years, especially at customer-facing “checkout” and “my wallet” tools is unacceptable. The negative effect on holiday sales will depend upon the reach of media coverage of Macy’s latest breach. As a shopper who has to personally deal with the unnecessary time spent dealing with their credit card info being stolen, why take the chance to shop Macy’s just to buy Aunt Sue a Christmas sweater? Amazon awaits.

Paula Rosenblum
BrainTrust
Paula Rosenblum
Managing Partner, RSR Research
41 minutes 32 seconds ago

The only retail data breach I can recall that caused a stir was the Target breach several years ago. But it wasn’t the breach itself that created ill will — it was the company’s response, which was to arbitrarily put limits on all its corporate debit cards, instead of just issuing new ones. One lesson I learned from that was to never shop using a debit card. Ever. The laws are too sketchy.

A credit card breach in and of itself rarely bothers consumers. The liability all lives elsewhere.

Paco Underhill
BrainTrust
Paco Underhill
CEO of Envirosell Inc., Speaker, NY Times Best-Selling Author
29 minutes 34 seconds ago

Both major merchants and brands are facing major breaches of consumer trust. It is a poison that is fueling shifts in consumer shopping patterns. As the analog results of digital flaws become more real – what will consumer response be? It is not just a Macy’s issue.

Mel Kleiman
BrainTrust
Mel Kleiman
President, Humetrics
22 minutes 17 seconds ago

Just another hack. They have become so common that most people just seem to ignore them and think it is a part of having to live with the internet. It does not seem to cause any real damage to the retailer who is hacked.

Cathy Hotka
BrainTrust
Cathy Hotka
Principal, Cathy Hotka & Associates
16 minutes 4 seconds ago

This won’t affect Macy’s holiday sales, but it may affect Macy’s performance on Wall Street. Let’s hope this is the last such story we hear during the season.

Patricia Vekich Waldron
Staff
Patricia Vekich Waldron
Contributing Editor, RetailWire; Founder and CEO, Vision First
4 minutes 40 seconds ago

I’m afraid that Santa was planning a lump of coal for Macy’s before the data breach …

