Lord and Taylor, Saks Fifth Avenue fall victim to data breach

Customers will not be liable for fraudulent charges

Card Data Stolen From 5 Million Saks and Lord & Taylor Customers

Through preliminary analysis and cross-checking with large financial institutions, Gemini confirmed that the hacking syndicate JokerStash, known as Fin7 is behind Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor data hack, which has also given it code name: BIGBADABOOM-2.

How did the data breach happen?

Lord & Taylor and Saks Fifth Avenue announced Sunday that 5 million of their customers suffered a data breach, with cybercriminals stealing credit and debit card information.

The hackers seem to have implanted software into cash register systems without the retailers' knowledge, according to The New York Times.

"On March 28, we saw a significant spike of stolen credit cards offered for sale on one of the marketplaces", said Chorine.

Most of it coming from stores in NY and New Jersey.

In January, the group struck Jason's Deli restaurants, when up to two million unique payment card numbers were stolen and put up for sale.

"While the investigation is ongoing, there is no indication that this affects our e-commerce or other digital platforms, Hudson's Bay, Home Outfitters, or HBC Europe".

Jays' Smoak named AL Player of the Week
Justin Smoak, on the day of his bobblehead giveaway, hit a double and two singles and drove in a pair of runs for Toronto (1-2). Outfielders Jacoby Ellsbury (strained right oblique) and Clint Frazier (concussion) are also on the DL.


The company said it is investigating the breach and taking steps to contain the attack and that customers won't be liable for fraudulent charges.

The Hudson's Bay Company will reach out to their customers and offer identity-protection services.

For now, HBC is asking clients to review their account statements for activity or transactions they don't recognize. In the coming days, we will provide additional information to our customers through our websites and a dedicated call center.

"When data that's used for customer account login or for payments is centralized on a retailer's server, it's especially vulnerable", noted George Avetisov, CEO of HYPR, a provider of decentralized authentication services for businesses. However, it's important to take action right away to protect your private information.

Though an identical number of card details was compromised in the December 2017 Jason's Deli Restaurants breach, Gemini believes the fallout from the Saks hack could be exponentially greater.

Gemini urged all brick-and-mortar stores to switch from magnetic stripe card machines to Europay Mastercard and Visa, or EMV, terminals, which are able to verify purchases through a microchip in the physical card itself.

"Those credit cards and debit cards, change your passwords".

Latest News