Saks Fifth Avenue & Lord & Taylor Pwned… Payment Card Info Swiped

It appears that there has been a data breach at luxury retailers Saks Fifth Avenue and Lord & Taylor, where payment card info was swiped by hackers. The bad part is that someone outside of HBC, which owns the retailers in question, found the breach:

Dmitry Chorine, the co-founder of Gemini Advisory, said his firm works to improve response to data breaches by analyzing stolen data that appears on the so-called dark web.

Chorine said the firm started looking into the breach when they noticed an influx of stolen credit and debit card information being offered for sale on the dark web last week.

Upon analyzing the data, Chorine said they were able to determine that shoppers at all Lord & Taylor and at certain Saks Fifth Avenue locations were at risk of having their information stolen.

“On March 28, we saw a significant spike of stolen credit cards offered for sale on one of the marketplaces,” said Chorine.

“When we checked, we saw there was an advertisement stating that more than 5 million credit and debit cards will be offered for sale, and that’s when we decided to research this particular breach.”

The data that Chorine and his team found was being offered on a dark web marketplace operated by a hacking group called JokerStash, which Chorine says has been active in hacking retail and hospitality companies for the past three years.

When someone else outside your organization tells you about your bad news, that’s pretty bad. But it gets worse:

Gemini Advisory said Sunday that it had found data that had been stolen from as early as March 2017, and as late as March 2018.

Well, HBC was clearly asleep at the switch. Here’s why that is:

He said that only certain Saks Fifth Avenue locations were affected because the outlet was in the process of switching from card-swipe technology to EMV chip technology, which is already commonly used in Canada. 

That apparently wasn’t enough to stop three Saks stores in the Greater Toronto Area from being exposed to this data breach. The stores are:

  • Sherway Gardens in Toronto
  • Bramalea City Centre in Brampton, Ont.
  • Pickering Town Centre in Pickering, Ont.

The usual advice applies in this case. If you shopped at one of these stores during the time period that I mentioned above, or at any Saks Fifth Avenue or Lord & Taylor location, review your account statements to ensure there hasn’t been activity or transactions you don’t recognize. If you see anything weird, call your bank and get your card swapped ASAP.

Meanwhile, I hope that parent company HBC has a very good explanation as to why this happened and how they will stop future pwnage from happening.

