Published: Tue, April 03, 2018
Tech | By Dwayne Harmon

5M credit cards used at Lord & Taylor amd Saks Fifth Avenue compromised

5M credit cards used at Lord & Taylor amd Saks Fifth Avenue compromised

Saks Fifth Ave, Saks OFF 5th and Lord & Taylor suffered a point-of-sale (POS) data breach that exposed more than 5 million credit and debit cards numbers, compromised the entire Lord & Taylor fleet as well as 83 Saks full-line stores and could date as far back as May 2017, according to a post from cybersecurity firm Gemini Advisory, which first identified the breach.

All of the USA locations of the retail chains have been compromised, the company said, with the majority of stolen credit card information coming from stores in NY and New Jersey.

Hudson's Bay Co., which owns all three stores, has set up information on their websites for consumers, but many shoppers, whether they were impacted by the breach or not, are concerned.

After breaches previously by the JokerStash, the hackers released data from credit cards in small batches in order to avoid a flooding of the market of payment data that was illegally obtained, said online security experts.

We still don't know how the malware was installed in the stores' checkout systems, though Gemini thinks the hackers used phishing attacks that targeted company employees, thereby giving the attackers a backdoor into the systems.

Gemini Advisory said Sunday that it had found data that had been stolen from as early as March 2017, and as late as March 2018. "We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores", the company wrote.

These are not the only chains hit by the hacker group, but this is the largest data breach that hit retail companies.

The theft is one of the largest known breaches of a retailer and shows just how hard it is to secure credit-card transaction systems despite the lessons learned from other large data breaches, including the theft of 40 million card numbers from Target in 2013 and 56 million card numbers from Home Depot in 2014. Saks plans to offer credit and web monitoring services free of charge to anyone affected by the breach.

HBC is encouraging customers and patrons of the two retail stores to review their account statements and get in touch with their issuing banks quickly if they notice unknown activities or suspicious transactions in their account.

The hack comes on the heels of other major security breaches at companies across the country in the last five years. Close to 148 million consumers in the USA had personal info stolen, including driver's licenses, as part of last year's breach of Equifax the credit-rating company.

Gemini urged all brick-and-mortar stores to switch from magnetic stripe card machines to Europay Mastercard and Visa, or EMV, terminals, which are able to verify purchases through a microchip in the physical card itself.

Like this: