Ransomware victim disclosure
← All victimsMacy's, Inc.
listed as MACYS.COM · Claimed by Clop · listed 8 months ago
Status timeline
- ListedNov 21, 2025
- Data leakeddate unknown
At a glance
- Group
- Clop
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Nov 21, 2025
About the victim
AI dossier — public-source company profileMacy's, Inc. operates Macy's.com, the e-commerce platform of one of the United States' largest department store retailers. The company offers clothing, accessories, home goods, and other consumer products from popular brands, with online shopping, delivery, and customer service capabilities.
- Industry
- Department Store & Retail
Attack summary
Severity: medium — Data published status confirmed by disclosure flag, but no proof files documented, no data inventory specified, and no operational impact stated. As a major retailer, potential exposure could involve customer PII or payment data, warranting medium classification pending further evidence.The CLOP ransomware group claims to have attacked Macy's.com and published data from the breach. No specific details on whether data was exfiltrated, encrypted, or both are provided in the post.
Original description
AI-summarised, not from the leak postMacy's.com is the online platform of Macy’s, Inc., one of the premier retailers in the United States. The company offers a range of products such as clothing, accessories, home goods and more from popular brands. It also provides features like online shopping, delivery, returns and customer service. Macy's.com reintroduces the convenience and ease of shopping to the customer's fingertips.
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

