Hudson’s Bay Company (HBC) confirms theft of payment card details at its Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America. Over five million Saks and Lord and Taylor shoppers’ credit card or debit card numbers are disclosed. The fraudulent activity took place at the said retail chains' in-store POS terminals.
The already submerged off-line retail market is hit with the blow. The theft of 5 million cardholders’ numbers is one of the largest and the most threatening retail data hack.
The Canadian business group, HBC stated that it has taken the remedial steps in the preview of the cyber attack. The investigation is on-going and the company will let know the affected customers, once it gets complete clarity and evidence on the data theft. Moreover, Hudson’s Bay Company agrees to provide free identity protection services, including credit and web monitoring to those impacted. It added that Social Security or Social Insurance numbers, driver’s license numbers, or PINs remain unaffected in this data breach.
Fortunately, the online shopping platforms of the duped retail chains and other stores, namely Hudson’s Bay, GaleriaKaufhof, Home Outfitters, HBC Europe and Gilt.com have not come under the scanner.
Saks Fifth Avenue, Lord & Taylor Data Theft
According to Gemini Advisory, the leading research firm in cracking down Deep and Dark Web activities first notified about Saks and Lord & Taylor data breach. Through preliminary analysis and cross-checking with large financial institutions, Gemini confirmed that the hacking syndicate JokerStash, known as Fin7 is behind Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor data hack, which has also given it code name: BIGBADABOOM-2.
Fin7 is the infamous organization for hacking renowned retailers like Whole Foods, Chipotle, Omni Hotels & Resorts, Trump Hotels, and others. Prima facie, it appears that the hacking syndicate started phishing Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor data from May 2017 to present. The entire network of Lord & Taylor stores and 83 Saks Fifth Avenue stores in the US along with 3 stores located in Canada are affected. Majority of the leaked payment card details belong to New Jersey and New York locations.
Out of 5 million cardholders’ numbers, Fin 7 has put 125,000 records on trade. Presently, it has announced the sale of 35,000 card records of Saks Fifth Avenue and 90,000 details for Lord & Taylor. This is a common trend to release the hacked data in parts rather than a complete bulk in order to avoid legal complications.
It is reassuring that the American and Canadian have strengthened the anti-fraud detective capabilities. However, HBC has requested its shoppers to monitor their card activities on a continuous basis to prevent probable damage. Gemini suggested the customers set up the transaction alert for every card payment.