Hackers skim 5m payment cards from Saks chain


By Dylan Bushell-Embling
Tuesday, 03 April, 2018


Hackers skim 5m payment cards from Saks chain

US department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor have fallen victim to a data breach involving the theft of customer payment data.

The stores' parent company Hudsons Bay Corporation disclosed on Sunday that the company had become aware of a breach incident involving payment information at the affected stores.

Cybersecurity company Gemini Advisory said the breach was announced on Wednesday by notorious hacking syndicate JokerStash, also known as Fin7. The syndicate has revealed plans to dump more than 5 million stolen payment cards for sale on the dark web.

Gemini Advisory said the attack appears to have impacted the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations, with the majority of stolen cards obtained from locations in New York and New Jersey.

So far 125,000 records have been released for sale, but the entire cache is expected to be made available in the following months. Preliminary analysis suggests that criminals were siphoning payment information from May 2017 until a few days ago, when Hudsons Bay closed the security hole.

“The theft of five million payment cards is undoubtedly among the most significant credit card heists in modern history, and will negatively affect a large number of consumers in North America [as well as international travellers who have shopped at the stores],” Gemini Advisory said.

“This recent breach once again emphasises the importance of a transition to the more secure EMV POS terminals in retail operations. Although many large retailers managed to migrate entirely from older generation magstripe terminals to EMV in 2017, several nationwide chains still have not done so.”

Hudsons Bay said it plans to notify impacted customers and offer them free identity protection services, including credit and web monitoring. There is no indication that the company’s e-commerce or other digital platforms were affected.

Image credit: ©stock.adobe.com/au/stokkete

Follow us and share on Twitter and Facebook

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd