NEW YORK—A previously announced data breach at Saks Fifth Avenue, Saks Off 5th and Lord & Taylor locations in the United States lasted about nine months before it was detected and shut down last month, the stores' parent company, Hudson's Bay Co., said.
The Toronto-based retail company announced the breach on April 1 but provided few details at the time. It said that the breach began as early as July 1 last year but has been contained since March 31, CBC reported.
HBC chief executive Helena Foulkes, who joined the company in February, said that the company regrets any concern caused by this issue.
"Throughout this process, we have made it our goal to work quickly to provide support and information to our customers and we will continue to serve them with that same dedication," Foulkes said in a statement.
HBC now says the breach was caused by malware, a type of software inserted into its system to collect customer payment card information, including cardholder name, payment card number and expiration date, CBC reported.
"The company wants to reassure affected customers that they will not be liable for fraudulent charges that may result from this matter," it said in the statement.
It also said that it has arranged to provide potentially affected customers with identity protection services at no cost to them, including credit and web monitoring.