Saks, Lord & Taylor hit by payment card data breach

TORONTO/NEW YORK: Retailer Hudson’s Bay Co disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America. One cyber security firm said that it has evidence that millions of cards may have been compromised, which would make the breach one of the largest involving payment cards over the past year, but added that it was too soon to confirm whether that was the case.
Toronto-based Hudson’s Bay said in a statement that it had “taken steps to contain” the breach but did not say it had succeeded in confirming that its network was secure. It also did not say when the breach had begun or how many payment card numbers were taken.
“Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” the statement said. A company spokeswoman declined to elaborate.
The breach comes as Hudson’s Bay struggles to improve its financial performance as a tough retail environment has weighed on sales and margins. Last June, it launched a transformation plan to cut costs and is working to monetise the value of its substantial real estate holdings.
Hudson’s Bay disclosed the incident after New York-based cyber security firm Gemini Advisory reported on its blog that Saks and Lord & Taylor had been hacked by a well-known criminal group known as JokerStash.
JokerStash, which sells stolen data on the criminal underground, on Wednesday said that it planned to release more than 5 million stolen credit cards, according to Gemini Chief Technology Officer Dmitry Chorine.
The hacking group has so far released about 125,000 payment cards, about 75 per cent of which appear to have been taken from the Hudson’s Bay units, Chorine said by telephone.
— Reuters