Categories: Media Moves

Coverage: Saks Fifth Avenue, Lord & Taylor face breach

A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.

Matt O’Brien of the Associated Press had the news:

The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.

The disclosure came after New York-based security firm Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards. The hackers named their stash BIGBADABOOM-2. While the extent of its holdings remains unclear, about 125,000 records were immediately released for sale.

The security firm confirmed with several banks that many of the compromised records came from Saks and Lord & Taylor customers.

Hudson’s Bay said in a statement that it “deeply regrets any inconvenience or concern this may cause,” but it hasn’t said how many Saks or Lord & Taylor stores or customers were affected. The company said there’s no indication that the breach affected its online shopping websites or other brands, including the Home Outfitters chain or Hudson’s Bay stores in Canada.

Jennifer Calfas of Fortune reported that it all U.S. locations were compromised:

All of the U.S. locations of the retail chains have been compromised, the company said, with the majority of stolen credit card information coming from stores in New York and New Jersey.

Hudson’s Bay Company, which owns both retail chains, released a statement Sunday about the data breach, noting that it does not impact shoppers who bought items on digital platforms.

“We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter,” the company said. “We have identified the issue, and have taken steps to contain it.”

Hudson’s Bay Company said it will notify customers as it gets more information. It also advised them to review their credit and debit card accounts to monitor for unusual transactions or activity. The company did not say how many stores or customers were compromised.

Jackie Wattles of CNNMoney.com reported that the card were used for in-store purchases:

The company added that the cards were used for in-store purchases, and there is “no indication” online purchases were affected. Hudson’s Bay said it’s cooperating with law enforcement in an ongoing investigation.

A cybersecurity firm called Gemini Advisory identified the breach and posted a blog post detailing its scope. The “attack is amongst the biggest and most damaging to ever hit retail companies,” according to the firm.

Gemini Advisory said a hacking syndicate put credit and debit card information it obtained from the hack up for sale on the dark web last week.

A “preliminary analysis” found credit card data was obtained for sales dating back to May 2017, according to the post. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the “majority of stolen credit cards were obtained from New York and New Jersey locations.”

Chris Roush

Chris Roush was the dean of the School of Communications at Quinnipiac University in Hamden, Connecticut. He was previously Walter E. Hussman Sr. Distinguished Professor in business journalism at UNC-Chapel Hill. He is a former business journalist for Bloomberg News, Businessweek, The Atlanta Journal-Constitution, The Tampa Tribune and the Sarasota Herald-Tribune. He is the author of the leading business reporting textbook "Show me the Money: Writing Business and Economics Stories for Mass Communication" and "Thinking Things Over," a biography of former Wall Street Journal editor Vermont Royster.

Recent Posts

Dow Jones plans to expand Middle East operations

Dow Jones & Co., the parent of The Wall Street Journal, Barron's, MarketWatch.com and Investor's…

3 hours ago

WSJ seeks a White House reporter

The Wall Street Journal is seeking a White House reporter in Washington, DC, to break…

3 hours ago

Politics editor Pershing leaving WSJ

Ben Pershing, the politics editor of The Wall Street Journal, is leaving the news organization.…

3 hours ago

NY Times taps Stevenson as DC bureau chief

New York Times executive editor Joe Kahn sent out the following on Friday: A January 2010 front…

3 hours ago

Dow Jones senior VP Jones is departing

Brent Jones, the senior vice president of training, culture and community at Dow Jones, is…

3 hours ago

WSJ seeks a logistic bureau chief

The Wall Street Journal is looking for an editor to lead its coverage of logistics…

15 hours ago