Categories: Media Moves

Coverage: Saks Fifth Avenue, Lord & Taylor face breach

A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.

Matt O’Brien of the Associated Press had the news:

The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.

The disclosure came after New York-based security firm Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards. The hackers named their stash BIGBADABOOM-2. While the extent of its holdings remains unclear, about 125,000 records were immediately released for sale.

The security firm confirmed with several banks that many of the compromised records came from Saks and Lord & Taylor customers.

Hudson’s Bay said in a statement that it “deeply regrets any inconvenience or concern this may cause,” but it hasn’t said how many Saks or Lord & Taylor stores or customers were affected. The company said there’s no indication that the breach affected its online shopping websites or other brands, including the Home Outfitters chain or Hudson’s Bay stores in Canada.

Jennifer Calfas of Fortune reported that it all U.S. locations were compromised:

All of the U.S. locations of the retail chains have been compromised, the company said, with the majority of stolen credit card information coming from stores in New York and New Jersey.

Hudson’s Bay Company, which owns both retail chains, released a statement Sunday about the data breach, noting that it does not impact shoppers who bought items on digital platforms.

“We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter,” the company said. “We have identified the issue, and have taken steps to contain it.”

Hudson’s Bay Company said it will notify customers as it gets more information. It also advised them to review their credit and debit card accounts to monitor for unusual transactions or activity. The company did not say how many stores or customers were compromised.

Jackie Wattles of CNNMoney.com reported that the card were used for in-store purchases:

The company added that the cards were used for in-store purchases, and there is “no indication” online purchases were affected. Hudson’s Bay said it’s cooperating with law enforcement in an ongoing investigation.

A cybersecurity firm called Gemini Advisory identified the breach and posted a blog post detailing its scope. The “attack is amongst the biggest and most damaging to ever hit retail companies,” according to the firm.

Gemini Advisory said a hacking syndicate put credit and debit card information it obtained from the hack up for sale on the dark web last week.

A “preliminary analysis” found credit card data was obtained for sales dating back to May 2017, according to the post. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the “majority of stolen credit cards were obtained from New York and New Jersey locations.”

Chris Roush

Chris Roush was the dean of the School of Communications at Quinnipiac University in Hamden, Connecticut. He was previously Walter E. Hussman Sr. Distinguished Professor in business journalism at UNC-Chapel Hill. He is a former business journalist for Bloomberg News, Businessweek, The Atlanta Journal-Constitution, The Tampa Tribune and the Sarasota Herald-Tribune. He is the author of the leading business reporting textbook "Show me the Money: Writing Business and Economics Stories for Mass Communication" and "Thinking Things Over," a biography of former Wall Street Journal editor Vermont Royster.

Recent Posts

CNBC taps Sullivan as “Power Lunch” co-anchor

CNBC senior vice president Dan Colarusso sent out the following on Monday: Before this year comes to…

21 hours ago

Business Insider hires Brooks as standards editor

Business Insider editor in chief Jamie Heller sent out the following on Monday: I'm excited to share…

22 hours ago

Is this the end of CoinDesk as we know it?

Former CoinDesk editorial staffer Michael McSweeney writes about the recent happenings at the cryptocurrency news site, where…

2 days ago

LinkedIn finance editor Singh departs

Manas Pratap Singh, finance editor for LinkedIn News Europe, has left for a new opportunity…

3 days ago

Washington Post announces start of third newsroom

Washington Post executive editor Matt Murray sent out the following on Friday: Dear All, Over the last…

4 days ago

FT hires Moens to cover competition and tech in Brussels

The Financial Times has hired Barbara Moens to cover competition and tech in Brussels. She will start…

4 days ago