Skip to content

Data on 5 Million Credit Cards Stolen at Saks, Lord & Taylor

April 02, 2018
2 min read
Data on 5 Million Credit Cards Stolen at Saks, Lord & Taylor
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.
Sign up for our daily newsletter

Hackers stole data from more than five million credit cards at two major stores in what is described as one of the largest attacks ever on a retailer.

Lord & Taylor, Saks Fifth Avenue and Saks OFF 5th were hit by a cyber attack, Hudson's Bay Company, the owner of the two stores, confirmed.

The company said that it does not believe the breach affects its digital platforms Hudson's Bay, Home Outfitters, or HBC Europe.

"HBC has identified the issue, and has taken steps to contain it," Hudson's Bay Company said in a press release. "Once the Company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."

Cyber security firm Gemini Advisory who is working with HBC wrote that credit card information might have been compromised from May 2017 through the present. It also noted that 125,000 records have been released for sale on the dark web, and that it expects the rest to be available over the coming months.

"Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised," Gemini Advisory wrote. "The majority of stolen credit cards were obtained from New York and New Jersey locations."

The hack was completed by JokerStash and announced by the syndicate on March 28. JokerStash has successfully hacked Whole Foods, Chipotle, Omni Hotels & Resorts and more. Gemini added that the "attack is amongst the biggest and most damaging to ever hit retail companies."

HBC encourages customers to review their account statements and contact their card issuers immediately if they identify activity or transactions they do not recognize.

Featured image by (Photo by Shutterstock)