Macy's says cyberthieves hacked the accounts of thousands of the retailer's online customers, compromising people's full names as well as their credit card numbers and expiration dates.
The attack, which occurred over roughly six weeks between the end of April and the beginning of June before being shut down, affected consumers registered on Macys.com or Bloomingdales.com. Logins and passwords were taken from sites unrelated to the retailers and then used to access data on both sites.
"We are aware of a data security incident involving a small number of our customers," a Macy's spokesperson said in a statement to CBS MoneyWatch. "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures."
Customers potentially impacted by the breach have been notified and offered free consumer protection services, the retailer said.
The incident follows a slew of major companies being targeted by hackers, including Hudson Bay,. And less than two weeks ago, Adidas said might be in the hands of hackers after a breach involving its U.S. website.
Credit-reporting agency Equifax earlier this year added 2.4 million Americans to its initial count of 145.5 million .