Data Breach Hits Saks Fifth Avenue, Lord & Taylor Stores

More retail chains were hit by a data breach recently. Hudson's Bay Co., the parent company of [...]

More retail chains were hit by a data breach recently. Hudson's Bay Co., the parent company of Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor stores, said its store payment systems were compromised.

According to the Associated Press, Hudson's Bay said it was investigating the break and will take necessary steps to make sure it does not get worse.

The company confirmed the breach after security firm Gemini Advisory LLC reported that a hacking group known as JokerStash and Fin7 claimed it was preparing to sell data from 5 million stolen credit and debit cards. Although the exact number of cards stolen remains unknown, the hackers already put about 125,000 records up for sale on the dark web. Gemini Advisory said many of the records came from Saks and Lord & Taylor customers.

"We deeply regret any inconvenience or concern this may cause," Hudson's Bay said in a statement Sunday.

The company told consumers to immediately contact their banks or card issuers if they see unauthorized transactions.

"We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter," the statement reads. "We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring. We encourage our customers to review their account statements and contact their card issuers immediately if they identify activity or transactions they do not recognize."

The company said it will also set up a dedicated call center for customers "in the coming days."

Dmitry Chorine, Gemini Advisory co-founder and chief technology officer, told the AP that the hack likely began about a year ago.

Chorine said most of the data came from customers in the New York City metropolitan area and the Northeast, as those stores might not be using more secure credit card payment systems yet. However, the firm also identified compromised stores in California, Texas and Florida. Three potentially compromised stores are located in Ontario, Canada.

This hacking is similar to other data breaches at retail chains like Target and Home Depot. In 2013, a cyber attack of Target data affected over 41 million credit card accounts. In 2017, Target agreed to pay $18.5 million, the largest settlement ever for a data breach, USA Today reported at the time.

Photo credit: Roberto Machado Noa/LightRocket via Getty Images

0comments