Saks, Lord & Taylor hacked, over 5 million cards data exposed
By Cecilio Leacock IBexclusive News Sunday, April 1, 2018.
(IBEXNews) - Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor were hit by a massive hack that exposed data on 5 million debit and credit cards.
Hudson’s Bay Company confirmed the breach on its North American stores, adding it has “identified the issue, and has taken steps to contain it.”
The Toronto-based company declined to say how many customers were affected, however, or when their data may have been hacked.
But Gemini Advisory, a New York-based security firm, said in a blog post Sunday that data from up to 5 million cards was put up for sale last week by JokerStash — a hacker syndicate.
The breach may have begun as far back as May 2017 and “is amongst the biggest and most damaging to ever hit retail companies,” Gemini Advisory said in the detailed post.
Every Lord & Taylor was hit by the cyber attack, the firm said, while just 83 Saks locations were.
Most of those are believed to be in the New York and New Jersey area, Gemini Advisory said.
Just 125,000 ripped records have been put up for sale so far, the company said, most of which stemmed from Lord & Taylor transactions.
“Considering the rather standard practice of marketplace operators in releasing stolen data gradually in order to avoid oversaturation of the market and to minimize the chances of identification of stolen records by the banks, it will take at least several months before the entire archive is offered for sale,” Gemini Advisory warned.
Hudson’s Bay said it’s "working rapidly with leading data security investigators to get customers the information they need, and the investigation is ongoing."
“HBC is also coordinating with law enforcement authorities and the payment card companies,” it said in a statement.
Impacted customers will be offered free data protection services once Hudson’s Bay has more information about the breach.
“The Company deeply regrets any inconvenience or concern this may cause,” Hudson's Bay said.