Data from millions of credit and debit cards may have been stolen from Saks and Lord & Taylor stores, the stores’ parent company, Hudson’s Bay Co. (HBC), announced on April 1.
They don’t yet know the full extent of the breach, but said that customers whose data was stolen would not have to pay for fraudulent charges.
“We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores,” HBC said in a statement.
New York-based cyber security firm Gemini Advisory first disclosed the hack on its blog. Gemini said a well-known hacker group called JokerStash was responsible, and that it had advertised the sale of 5 million credit cards.
The majority of the cards were from the companies’ New York and New Jersey locations, it said.
JokerStash has so far released the details of some 125,000 cards for sale on the dark web, Gemini said, 75 percent of which appear to have come from the Hudson’s Bay companies.
“While the investigation is ongoing, there is no indication at this time that this affects the Company’s e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe,” HBC said.
Gemini’s CEO advises those affected by the breach to cancel their cards.
From The Epoch Times