Over the weekend, parent company Hudson’s Bay Co. (HBC) informed the public that three Canadian locations of the department store Saks Fifth Avenue were impacted by a data breach. A cybersecurity firm based in New York has come forward with some key details.
Not much information was released to the public by HBC as of Sunday, but another company, Gemini Advisory LLC, said that based on the data it obtained, five million credit cards connected to the high-end department store had been compromised.
In Gemini’s report, they detail that the sensitive information was stolen from a few connected brands, including “83 Saks Fifth Avenue or Saks Off Fifth stores, and from all locations of Lord & Taylor, a U.S. department store chain owned by HBC.”
Three Canadian Saks locations were exposed to the breach; they’re all in Ontario:
HBC has not mentioned whether any Canadian Hudson’s Bay or Home Outfitters locations were targeted.
Gemini Advisory says cybersecurity firms can work to discover data breaches by “analyzing stolen data appearing on the so-called dark web.” The dark web is where hackers sell their stolen data anonymously.
Gemini said, “the firm started looking into the breach when it noticed an influx of stolen credit and debit card information being offered for sale on the dark web last week.”
They saw a significant spike of stolen credit cards for sale on one of the dark web’s marketplaces as of March 28th. The hacking group that was behind the credit card sales is called JokerStash, which has a history of “hacking retail and hospitality companies for the past three years.”
Gemini said that about 75% of the 125,000 payment cards “appear to have been taken from the HBC-owned retailers.”
“HBC said there could be fraudulent charges to customers' accounts because of the breach, but added those customers won't be liable to pay them.
It's asking clients to review their account statements to see if there has been activity or transactions they don't recognize.
The company said it will notify customers affected by the breach as quickly as possible and will offer free identity protection services once they learn more about the breach.
The company also said there's no indication social security numbers or driver's licence information were affected by the breach.”