Data breach hits Saks Fifth Avenue, Lord & Taylor storesPosted: Updated:
By MATT O'BRIEN
AP Technology Writer
NEW YORK - A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.
The chains' parent company, Canada-based Hudson's Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.
The disclosure came after New York-based security firm Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards. The hackers named their stash BIGBADABOOM-2. While the extent of its holdings remains unclear, about 125,000 records were immediately released for sale.
The security firm confirmed with several banks that many of the compromised records came from Saks and Lord & Taylor customers.
Hudson's Bay said in a statement that it "deeply regrets any inconvenience or concern this may cause," but it hasn't said how many Saks or Lord & Taylor stores or customers were affected. The company said there's no indication that the breach affected its online shopping websites or other brands, including the Home Outfitters chain or Hudson's Bay stores in Canada.
The company said customers won't be liable for fraudulent charges. It plans to offer free credit monitoring and other identity protection services.
There is evidence that the breach began about a year ago, said Dmitry Chorine, Gemini Advisory's co-founder and chief technology officer. He said the prolific hacking group has previously targeted major hotel and restaurant chains.
The breach follows last year's high-profile hack of credit bureau Equifax that exposed the personal data of millions of Americans. This newest breach, however, more closely resembles past retail breaches that have targeted the point-of-sale systems used by companies from Home Depot to Target and Neiman Marcus.
Chorine said the hackers' typical method is to send cleverly crafted phishing emails to company employees, especially managers, supervisors and other key decision-makers. Once an employee clicks on an attachment, which is often made to look like an invoice, the system gets infected.
"For an entire year, criminals were able to sit on the network of Lord & Taylor and Saks and steal data," he said.
Chorine said most of the stolen credit cards appear to have been obtained from stores in the New York City metropolitan area and other Northeast U.S. states. It's possible, he said, that those stores hadn't yet adopted the more secure credit card payment systems that have been rolled out elsewhere.
Hudson's Bay is advising customers who want more information about the breach to visit security-response websites it's created for Saks Fifth Avenue , Saks Off Fifth , and Lord & Taylor .
Copyright 2018 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Top StoriesTop StoriesMore>>
- Fleet Week is in full swing Sunday at Liberty State Park in Jersey City.Fleet Week is in full swing Sunday at Liberty State Park in Jersey City.
- Rosalita's Roadside Cantina is all clear following a measles exposure, the New Jersey Department of Health says.Rosalita's Roadside Cantina is all clear following a measles exposure, the New Jersey Department of Health says.
- Officials say three firefighters were rescued from the fire they were battling early Sunday morning.Officials say three firefighters were rescued from the fire they were battling early Sunday morning.
- State police say a boat hit a navigational marker in Barnegat Bay Friday night.State police say a boat hit a navigational marker in Barnegat Bay Friday night.
- National Blueberry Cheesecake Day is celebrated today. Do you like cheesecake?National Blueberry Cheesecake Day is celebrated today. Do you like cheesecake?
New Jersey SlideshowsGalleriesMore>>
- The live-action Aladdin film flew into theaters Friday.The live-action Aladdin film flew into theaters Friday.
- Fleet Week New York started May 22. This year marks the 31st annual event that features a week filled of activities, themed events and live demonstrations.Fleet Week New York started May 22. This year marks the 31st annual event that features a week filled of activities, themed events and live demonstrations.
- Are you attending the PGA Championship? News 12 wants to see your photos!Are you attending the PGA Championship? News 12 wants to see your photos!
- Here are the photos of the guests who visited the News 12 studio to showcase the great eats New Jersey trucks have to offer!Here are the photos of the guests who visited the News 12 studio to showcase the great eats New Jersey trucks have to offer!
- The Rockland-Bergen Music Festival has announced its 2019 lineup.The Rockland-Bergen Music Festival has announced its 2019 lineup.