Data breach hits Saks Fifth Avenue, Lord & Taylor stores

Matt O’Brien reports:

A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.

The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.

Read more on SacBee.  What’s of special note is that it was a security firm, Gemini Advisory LLC , who picked up on this one and made the Hudson Bay aware:

Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards.

From Gemini’s advisory:

  • We estimate the window of compromise to be May 2017 to present.
  • Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised. The majority of stolen credit cards were obtained from New York and New Jersey locations.

You’ll probably want to read the entire advisory on this one.

About the author: Dissent