The payment systems for Lord & Taylor and Saks Fifth Avenue department stores were breached by hackers who stole credit card data belonging to millions of the stores’ shoppers. This is just the latest in a series of intrusions that has exposed the large gaps in security in the networks of corporate America.
Hackers said they have information on more than five million credit and debit card numbers from shoppers at the stores and have released them for sale through the “dark web,” a series of websites that hackers as well as others use to anonymously share that type of data. An online security firm believes the hackers started stealing credit card data during May of 2017.
A spokesperson from Hudson’s Bay Co. of Canada, which is the owner of both chains, confirmed that a security breach had taken place involving payment card information of its shoppers at Lord & Taylor, Saks Fifth Avenue and Saks Off 5th in North America.
The spokesperson added that the investigation was ongoing and did not indicate the number of accounts exposed. At the current time, the company does not have any reason to believe that driver’s license or social security numbers were compromised, and it announced that it would notify any affected customers once its investigation has been completed.
The retailer added that there was currently no indication that the breach had affected its online operations or other store brands under its control, including Galeria Kaufhof in Germany and Canada’s Hudson’s Bay chain of department stores.
Thus far, 125,000 payment cards that were used at Lord & Taylor or Saks have been released online for sale by hackers, said an online security firm.
Some of those cards were used by their card owners as recently as a month ago, in one of the stores affected.
The group that carried out the hack is known as Fin 7 JokerStash Syndicate. It appears that they were able to penetrate the retailer’s point-of-sale systems.
After previous breaches by JokerStash, the hackers released credit card data in small batches in order to avoid flooding the market with illegally obtained payment data, said online security experts.
This incident is just the latest in a series of hacks that compromised consumer information. Close to 148 million consumers in the U.S. had personal info stolen, including driver’s licenses, as part of last year’s breach of Equifax, the credit-rating company. In 2013, over 40 million people had their phone numbers, addresses and names stolen in a breach at Target Corp.