Hackers steal data from 5 million Saks, Lord & Taylor customers
Lord & Taylor and Saks Fifth Avenue announced Sunday that 5 million of their customers suffered a data breach, with cybercriminals stealing credit and debit card information. The breach affected Hudson’s Bay Co., which owns both chains, in its North American stores.
The company said in an updated statement Monday that it believes the breach “no longer poses a risk to customers shopping at our stores.”
It’s also creating a call center, at 1-855-270-9187, so people can call to see if they were affected by the breach.
Data breaches have become a commonplace risk for both customers and companies as hackers target corporations with weak cybersecurity. Last week, for instance, Under Armour announced that 150 million accounts from MyFitnessPal were stolen in a data breach. Entities from travel agencies to voter records have been hit by hackers. More than half of the US population is still feeling the aftereffects of Equifax’s massive breach.
People are trusting companies to protect their data, and Hudson’s Bay is the latest to show it couldn’t.
Security researchers from Gemini Advisory said the majority of the stores affected were in New York and New Jersey, and the problem started in May 2017, ending when the breach was discovered. The hackers, from a group called JokerStash, also known as Fin7, put up more than 5 million stolen credit and debit cards for sale on the dark web, the researchers said.
The hacking group is also allegedly behind the breaches against Whole Foods, Chipotle and Trump Hotels. The researchers said that this was one of the “most damaging to ever hit retail companies.”
“The theft of five million payment cards is undoubtedly among the most significant credit card heists in modern history,” the researchers wrote.
That still pales in comparison to the information from 56 million credit cards stolen from Home Depot in 2014, or the data of 40 million customers hacked from Target.
Saks Fifth Avenue said it would be offering affected customers free identity protection, along with credit and web monitoring. The company said it’s still investigating the breach and will notify affected customers as it learns more information.
Source | cnet