Macy’s Data Breach

powered by Typeform

HGD is no Longer Accepting Clients For This Case.

Attorneys from Heninger Garrison Davis, LLC’s class action and intellectual property group filed a class action complaint this week against the United States and the United States Patent and Trademark Office (USPTO) for damages to Christy, Inc. and a class of other patent holders whose property was taken by the USPTO without compensation in violation of the Fifth Amendment of the Constitution.

The Heninger Garrison Davis, LLC law firm is actively litigating cases against Macy’s for its clients who were affected by Macy’s data breach. They have filed a case in New Jersey, Maroldi v. Macy’s Inc. et al., 2:18-cv-12190-JMV-JBC, and are co-counsel in a case inAlabama entitled Carroll v. Macy’s Inc. et al. If you have been affected by the Macy’s data breach in any way, please contact us for a free discussion of your legal options

Below is some basic information on the Macy’s data breach:

Unlike PII data, payment card data is heavily regulated. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies maintain consumer credit and debit card information in a secure environment. “PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data.” PCI DSS v. 2 at 5 (2010) (hereafter PCI Version 2).

One PCI requirement is to protect stored cardholder data. Cardholder data includes Primary Account Number, Cardholder Name, Expiration Date, and Service Code. Id. at 7. “Network segmentation of, or isolating (segmenting), the cardholder data environment from the remainder of an entity’s network is not a PCI DSS requirement.” Id. at 10. However, segregation is recommended because, among other reasons, “[i]t’s not just cardholder data that’s important; criminals are also after personally identifiable information (PII) and corporate data.”

Sometime during the first week in July, Macy’s mailed to some of the affected customers a letter notifying customers of “suspicious login activities” by a third party and informing customers that the third party was able to access customer’s name, address, phone number, email address, birthday and credit card or debit card number with expiration dates.

On July 9, 2018, Macy’s spokesperson Blair Rosenberg confirmed the incident to Email Insider, providing a written statement confirming the breach:

We are aware of a data security incident involving a small number of our customers at and We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.

Thus, by Macy’s own admission, hackers had access to numerous Macy’s customers PII.

Please contact us if you have any questions or would like to discuss this with us for free 1-800- 241-9779.

We help people effectively fight their
Offenders back and successfully defend their own stand!