https://www.cnet.com/news/macys-data-breach-may-have-seen-customer-info-stolen/

Some Macy's online customers became victims of data theft, including their credit card numbers, following a breach in the retailer's security.

The breach took place between April 26 and June 12, during which time an "unauthorized third party" managed to obtain usernames and passwords and then log onto Macy's and Bloomingdale's shoppers' online profiles, the company said in a letter sent July 2 to the New Hampshire Attorney General's Office and first reported by DataBreaches. Macy's owns Bloomingdale's.