Macy’s suffers online Magecart card-skimming attack, data breach. The department store detected malicious code in its online payment portal. Macy’s has announced a data breach caused by Magecart card-skimming code being implanted in the firm’s online payment portal. In a letter issued to customers, the company says that it was alerted to the security incident on October 15, and the Macy’s team quickly found that card-skimming script had been injected into two pages on the Macy’s website.