Hackers breach Saks, Lord & Taylor customer data, parent Hudson’s Bay says
A shopper uses a Fifth Avenue entrance to Saks, in New York in 2013. A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores. | AP

/

Hackers breach Saks, Lord & Taylor customer data, parent Hudson’s Bay says

NEW YORK – AP

A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.

The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.

The disclosure came after New York-based security firm Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began trying to sell a stash of up to 5 million stolen credit and debit cards on dark websites last week. The security firm confirmed with several banks that many of the compromised records came from Saks and Lord & Taylor customers.

Hudson’s Bay said in a statement that it “deeply regrets any inconvenience or concern this may cause,” but it hasn’t said how many Saks or Lord & Taylor stores or customers were affected. The company said there’s no indication that the breach affected its online shopping websites or other brands, including the Home Outfitters chain or Hudson’s Bay stores in Canada.

The company says customers won’t be liable for fraudulent charges. It plans to offer free credit monitoring and other identity protection services.

There is evidence that the breach began about a year ago, said Dmitry Chorine, Gemini Advisory’s co-founder and chief technology officer. He said the prolific hacking group has previously targeted major hotel and restaurant chains.

Chorine said the hackers’ method is to send cleverly crafted phishing emails to company employees, especially managers, supervisors and other key decision-makers. Once an employee clicks on attachment, which is often made to look like an invoice, the system gets infected.

“For an entire year, criminals were able to sit on the network of Lord & Taylor and Saks and steal data,” he said.

Chorine said most of the stolen credit cards appear to have been obtained from stores in the New York City metropolitan area and other Northeast U.S. states. It’s possible, he said, that those stores hadn’t yet adopted the more secure credit card payment systems that have been rolled out elsewhere.

LATEST BUSINESS STORIES

The European Union responded to U.S. tariffs on steel and aluminium by slapping levies on politically resonant products, including Levi Strauss & Co. jeans.
Trump tariff threat on European cars escalates global trade war
U.S. President Donald Trump threatened a 20 percent tariff on cars imported from the European Union unless the bloc removes import duties and other barriers to U.S. goods, escalating a global tr...
Image Not Available
Iran doesn't expect oil customers — including Japan — to get sanctions waivers
Iran said it doesn't believe buyers of its oil — including Japan — will get waivers from Washington that would allow them to continue purchasing cargoes after U.S. President Donald Trump's renewal ...
The Bank of Japan stands in central Tokyo. Sources say the BOJ may lower its inflation forecast for the current fiscal year, acknowledging that price gains have undershot expectations.
Bank of Japan eyes lowering fiscal 2018 inflation forecast
The Bank of Japan may lower its inflation forecast for the current fiscal year, acknowledging that price gains have undershot expectations despite an otherwise strengthening economy, sources sai...

Photos

search icon Click to enlarge

A shopper uses a Fifth Avenue entrance to Saks, in New York in 2013. A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores. | AP

, , , ,