NEW YORK–A data breach has been announced by the department stores Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor, all of which are owned by Canada-based Hudson’s Bay Co.
The company announced the breach after New York-based security firm Gemini Advisory LLC revealed that a hacking group known as JokerStash or Fin7 had begun boasting on dark websites that it had data for sale related to as many as five-million stolen credit and debit cards. The hackers named their stash BIGBADABOOM-2. Approximately 125,000 records were immediately released for sale.
Gemini Advisory said it confirmed with several banks that many of the compromised records came from Saks and Lord & Taylor customers.
In a statement, Hudson’s Bay said it “deeply regrets any inconvenience or concern this may cause,” but it declined to say how many Saks or Lord & Taylor stores or customers were affected. The company did say there is indication that the breach affected its online shopping websites or other brands, including the Home Outfitters chain or Hudson’s Bay stores in Canada.
The company said it plans to offer free credit monitoring and other identity protection services.
Gemini Advisory said it believes the breach began approximately one year ago and that the suspicion is the hackers used clever phishing emails to gain access.