Macy's is warning customers that the retailer discovered a cyber threat that targeted customer profiles for almost two months.
According to a letter mailed to macys.com customers this week, Macy's cyber threat alert tools detected suspicious login activities on June 11.
This "suspicious activity" was being done by a third party, who the retailer said obtained the information from a source other than Macy's. From April 26 to June 12, the third party was using valid usernames and passwords to gain access to the customers' accounts.
On June 12, Macy's blocked the profiles that seemed to be breached by the third party.
What customers should do: A macys.com customer account will remain blocked until the customer changes the password associated with the profile, according to the letter. You should've received an email notifying you that your profile was blocked.
If you didn't receive an email, Macy's said to check your junk folder for an email with the subject line "Important information about your Macy's online profile." If you can't find the email, Macy's said that your profile still may be blocked and to change the password anyway.