Saks, Lord and Taylor Hit By Payment Data Breach

by Raymond Pucci 0


It’s déjà vu all over again—as Yogi Berra would say. News reports, confirmed by Toronto-based Hudson’s Bay, owner of both Saks Fifth Avenue and Lord and Taylor, reveal that the legacy retailers were hit in the last year by a payment card security breach. Additionally, credit and debit cardholder data is said to be for sale on the dark web.

Hudson’s Bay Co. is the latest Canadian company to be hit with a data breach, saying that customer payment card information may have been stolen from shoppers at certain Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor stores in North America.

A spokesperson for retailer would not comment on whether any specific Canadian locations were affected, but did say there is no indication the breach affects any of HBC’s other digital platforms, Hudson’s Bay stores or Home Outfitters locations. HBC released little information on the breach itself on Sunday, but a New York-based cybersecurity firm said it had analyzed the available data and found that information from five-million credit cards had been compromised.

Gemini Advisory LLC said in a report that the information was stolen from 83 Saks Fifth Avenue or Saks Off Fifth stores, and from all Lord & Taylor locations.

The firm found that three Canadian Saks locations were exposed to the breach: Sherway Gardens in Toronto, Bramalea City Centre in Brampton, Ont. and Pickering Town Centre in Pickering, Ont.

Dmitry Chorine, the co-founder of Gemini Advisory, said his firm works to improve response to data breaches by analyzing stolen data that appears on the so-called dark web.

Chorine said the firm started looking into the breach when they noticed an influx of stolen credit and debit card information being offered for sale on the dark web last week.

We’ve seen this movie before, but it takes a lot of time for the storyline to be understood. There are always many questions that arise related to when, where, and how did it happen. Don’t expect to hear the full details anytime soon—but it’s seemingly a familiar pattern, where criminals find a security weakness which results in cardholder data being available for future card-not-present sales transactions. Time will tell the true extent of the damage in this case.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group

Read the quoted story here

Featured Content