The department store revealed Monday that a third party gained access to accounts on Macys.com and Bloomingdales.com using valid usernames and passwords between April 26 and June 12.

Macy’s said that “a small number” of its customers were affected by the breach although didn’t specify how many and said only that the data was obtained from a source other than Macy’s.

Macy's spokesperson confirmed the incident to ‘Email Insider’, recognizing that they “are aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com.”

Macy’s and Bloomingdales’ consumer information hacked

The retailer’s cybersecurity tools detected suspicious login activities on June 11, and on June 12, explaining they blocked the accounts that appeared to have been breached. The department stores operator has since then “investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services."

As per the type of data compromised, preliminary research revealed that hackers were able to breach customer profiles, names and addresses and card expiration dates.

While Macy’s blocked the profiles that it believes to have been compromised, the retailer is asking customers to “remain vigilant,” reports ‘PYMNTS’.

Macy’s hack comes less than a month after the U.S. website of Adidas was compromised.

Photo: The Edit, Macy’s Web, U.S.