Hudson’s Bay Company (HBC), owner of retailers Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor, confirmed on Sunday that data from card payments in some of its stores has been compromised. Hackers breached the stores’ payment systems and accessed the credit and debit card information of more than 5 million customers. The scale of this breach puts it among the largest and most destructive to hit the retail industry.
A notorious ring of cybercriminals known as Fin7 were responsible for the breach. On March 28th, the hacking syndicate announced the sale of more than 5 million stolen credit and debit cards on the Dark Web. Approximately 125,000 payment cards have been released to date, with the rest expected to become available in the coming months.
According to cybersecurity firm Gemini Advisory, who discovered the breach, data was compromised beginning in May of 2017. Based on their analysis, the majority of card data was stolen from New York and New Jersey locations. However, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations were exposed.
HBC said it is continuing its investigation but will “notify our customers quickly and offer those impacted free identity protection services, including credit and web monitoring.” The company has seen no indication that the breach impacted online sales.
This data breach will undoubtedly have a negative affect on North American consumers. If you or someone you know has shopped at a Saks Fifth Avenue, Saks Off Fifth, or Lord & Taylor in the past 12 months, here are 8 Tips for Data Breach Victims. Tweet This!