Macy's website was breached in October, with hackers swiping information on some customers as they shopped online, according to the retailer.
"We are aware of a highly sophisticated and targeted data security incident related to macys.com that affected a small number of customers during a one-week period in October," the company said in an email. "Affected customers have been notified and will receive additional information, including instructions on how to enroll in consumer protection services at no cost."
The customer information potentially exposed in the cyberattack include name, address, phone number, email address, credit card number and security code, the retailer said.
Macy's did not specify how many customers were affected by the hack. The department store chain said it reported the incident to federal law enforcement.
Macy's shares fell nearly 11% on Tuesday after news of the data breach first surfaced.
The Cincinnati-based retailer notified customers about the breach in a letter last week, saying that Macy's had been alerted to a "suspicious connection" between its e-commerce platform and another website on Octobeer 15.
The security breach is. The accounts of thousands of the retailer's online customers were compromised in an incident last year.