Massive Data Breach At Saks And Lord & Taylor Affects Millions


Printer-friendly version Email this CRN article

Hackers have stolen more than 5 million credit and debit card numbers from customers of retailers Saks Fifth Avenue and Lord & Taylor.

Hudson's Bay Co., the parent company of the retailers, disclosed Sunday that a security breach had compromised data on payment cards used at its stores in North America.  New York-based security firm Gemini Advisory said in a report that information was stolen from the stores through point-of-sale systems.

Approximately 125,000 cards have been released for sale by the hacking group JokerStash or Fin7. Gemini Advisory said it saw a significant increase of stolen payment card information for sale on the dark web last week from the hackers.

[Related: Spectre/Meltdown Part Two? Research Firm Audit Reveals Critical Flaws, Backdoors In Four AMD Processors]

Hudson's Bay is urging customers to review their account statements for fraudulent activity while saying clients will not be liable for fraudulent charges.

"We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores," said Hudson's Bay in a statement. "We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing."

Data breach activity continues to skyrocket. In the first 11 months of 2017, there were over 1,200 breaches, up 10 percent from the recorded breaches for all of 2016, according to a report by Identity Theft Resource Center and CyberScout. Attackers are going after everything from credit card numbers and voter registration details to passwords and encryption keys.

Last week, sporting retailer Under Armour said a data breach affected 150 million accounts on its food and nutrition application MyFitnessPal. Hacked information included usernames, email addresses and passwords.

Printer-friendly version Email this CRN article