News, Culture & Society

Hackers selling stolen data five million credit debit cards used at Saks Fifth Avenue Lord & Taylor

Information from a set of more than five millions credit and debit cards used by shoppers at Saks Fifth Avenue and Lord & Taylor stores has been posted for sale on the dark web by hackers.

The hacker syndicate believed to be responsible goes by ‘Fin7,’ according to Gemini Advisory, the cybersecurity firm that first announced the breach of the retailers owned by Canadian retail business group Hudson’s Bay Company (HBC) on Sunday.

The ‘attack is amongst the biggest and most damaging to ever hit retail companies” according to the firm. 

The firm said approximately 125,000 records have been released for sale on the dark web as of Sunday, with the rest anticipated to be made available for purchase within months. 

‘HBC has identified the issue, and has taken steps to contain it,’ the company said on Sunday.

Information from a set of more than five millions credit and debit cards used by shoppers at Saks Fifth Avenue and Lord & Taylor stores, all owned by Hudson’s Bay Company (HBC), has been posted for sale on the dark web; A stock image of a Saks Fifth Avenue located in Toronto, Ontario, Canada is shown here

The company did not reveal how the hackers were able to gain access to its payment data. 

‘Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,’ HBC said.  

Gemini Advisors determined that data was breached dating back to May 2017.

The firm said the hacking syndicate which also goes by JokerStash has called the batch of stolen data, ‘BIGBADABOOM-2.’ 

Of the records already released for sale, it’s believed that approximately 35,000 records came frmo Saks Fifth Avenue and 90,000 records came from Lord & Taylor stores.

‘Based on the analysis of records that are currently available, it appears that all Lord & Taylor and 83 US based Saks Fifth Avenue locations have been compromised,’ Gemini Advisory said.

‘In addition, we identified three potentially compromised stores located in Ontario, Canada. However, the majority of stolen credit cards were obtained from New York and New Jersey locations.’

An investigation is ongoing, but HBC responded with a press release on Sunday to tell its customers ‘there is no indication at this time that this affects the Company’s e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe.’

HBC said it is coordinating with law enforcement authorities and payment card companies; This stock photo shows images of credit and debit cards from Visa, Barclays Connect, Natwest, Switch, American Express and Mastercard

HBC said it is coordinating with law enforcement authorities and payment card companies; This stock photo shows images of credit and debit cards from Visa, Barclays Connect, Natwest, Switch, American Express and Mastercard

The cybersecurity firm echoed that statement, saying, ‘At this moment we believe that online shopping websites were not affected and online customers are not at risk.’

The majority of stolen credit cards were obtained from New York and New Jersey locations of Saks Fifth Avenue, Saks Fifth Avenue OFF 5TH and Lord & Taylor stores, the firm said. 

HBC said that its customers would not be liable for any fraudulent charges that may result from this data breach, but also urged them to be vigilant about checking their statements to catch any fraudulent charges, sooner rather than later.

‘We encourage our customers to review their account statements and contact their card issuers immediately if they identify activity or transactions they do not recognize,’ the company said.

Gemini Advisory gave similar advice.

‘Those who shopped at the retail stores should either promptly replace their payment cards or setup transaction alerts to monitor for suspicious activity,’ the firm said.

HBC said there has been no indication that Social Security or driver’s license numbers have been affected by the data breach. 

The company has set up independent websites for customers of each of Saks Fifth Avenue, Saks Fifth Avenue OFF 5TH and Lord & Taylor stores to access the most up to date information related to the data breach.

Dedicated call center information will be posted on the above linked websites and soon as they are up and running. 

HBC said it is coordinating with law enforcement authorities and payment card companies. 

Fin7 is the same group thought to be responsible for hacks that affected Whole Foods, Chipotle, Omni Hotels & Resorts and Trump Hotels, Gemini Advisory said.

The company has set up independent websites for customers of each of Saks Fifth Avenue , Saks Fifth Avenue OFF 5TH and Lord & Taylor stores to access the most up to date information related to the data breach

The company has set up independent websites for customers of each of Saks Fifth Avenue , Saks Fifth Avenue OFF 5TH and Lord & Taylor stores to access the most up to date information related to the data breach



Read more at DailyMail.co.uk