Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor were hit by a data breach that has compromised the personal information of customers who shopped at the stores.
According to The Los Angeles Times, the chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems. The company said it is working to contain the attack and is currently investigating what happened.
The LA Times reported that New York-based security firm, Gemini Advisory LLC, revealed on Sunday that a hacking group, known as JokerStash or Fin7, was trying to sell a stash of up to 5 million stole credit and debit cards on dark websites last week. The security firm then confirmed with several banks that many of the compromised records came from Saks and Lord & Taylor customers.
Hudson’s Bay has apologized for the breach but has not said how many people were affected. The company confirmed customers will not be liable for fraudulent charges, and plans to offer free credit monitoring and other identity protection services. Gemini Advisory’s co-founder and chief technology officer, Dmitry Chorine, said there is evidence the breach began about a year ago.
Thanks for reading InsideHook. Sign up for our daily newsletter and be in the know.