Categories: Media Moves

Coverage: Saks Fifth Avenue, Lord & Taylor face breach

A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.

Matt O’Brien of the Associated Press had the news:

The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.

The disclosure came after New York-based security firm Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards. The hackers named their stash BIGBADABOOM-2. While the extent of its holdings remains unclear, about 125,000 records were immediately released for sale.

The security firm confirmed with several banks that many of the compromised records came from Saks and Lord & Taylor customers.

Hudson’s Bay said in a statement that it “deeply regrets any inconvenience or concern this may cause,” but it hasn’t said how many Saks or Lord & Taylor stores or customers were affected. The company said there’s no indication that the breach affected its online shopping websites or other brands, including the Home Outfitters chain or Hudson’s Bay stores in Canada.

Jennifer Calfas of Fortune reported that it all U.S. locations were compromised:

All of the U.S. locations of the retail chains have been compromised, the company said, with the majority of stolen credit card information coming from stores in New York and New Jersey.

Hudson’s Bay Company, which owns both retail chains, released a statement Sunday about the data breach, noting that it does not impact shoppers who bought items on digital platforms.

“We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter,” the company said. “We have identified the issue, and have taken steps to contain it.”

Hudson’s Bay Company said it will notify customers as it gets more information. It also advised them to review their credit and debit card accounts to monitor for unusual transactions or activity. The company did not say how many stores or customers were compromised.

Jackie Wattles of CNNMoney.com reported that the card were used for in-store purchases:

The company added that the cards were used for in-store purchases, and there is “no indication” online purchases were affected. Hudson’s Bay said it’s cooperating with law enforcement in an ongoing investigation.

A cybersecurity firm called Gemini Advisory identified the breach and posted a blog post detailing its scope. The “attack is amongst the biggest and most damaging to ever hit retail companies,” according to the firm.

Gemini Advisory said a hacking syndicate put credit and debit card information it obtained from the hack up for sale on the dark web last week.

A “preliminary analysis” found credit card data was obtained for sales dating back to May 2017, according to the post. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the “majority of stolen credit cards were obtained from New York and New Jersey locations.”

Chris Roush

Chris Roush was the dean of the School of Communications at Quinnipiac University in Hamden, Connecticut. He was previously Walter E. Hussman Sr. Distinguished Professor in business journalism at UNC-Chapel Hill. He is a former business journalist for Bloomberg News, Businessweek, The Atlanta Journal-Constitution, The Tampa Tribune and the Sarasota Herald-Tribune. He is the author of the leading business reporting textbook "Show me the Money: Writing Business and Economics Stories for Mass Communication" and "Thinking Things Over," a biography of former Wall Street Journal editor Vermont Royster.

Recent Posts

Indianapolis Biz Journal seeks a news editor

The Indianapolis Business Journal is looking for our next news editor, a role that focuses…

10 hours ago

Axios hires Berkowitz as ME for media and markets coverage

Axios has chosen Ben Berkowitz to be its next managing editor of business and markets.…

14 hours ago

Business Insider hires Ortega as director of newsroom operations

Business Insider editor in chief Jamie Heller sent out the following on Monday: I'm thrilled…

15 hours ago

Rest of World promotes Chandran to deputy editor

Rest of World editor in chief Anup Kaphle sent out the following on Monday: We are excited…

15 hours ago

FT hires Venugopal as India newsletter editor

The Financial Times has hired Veena Venugopal as its India newsletter editor. She has been working at…

16 hours ago

FT taps Parkin to be Middle East and Africa news editor

Benjamin Parkin has been named Middle East and Africa news editor at the Financial Times, based…

19 hours ago