Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor are the latest major retailers to have been hit with a massive data breach. A "well-known ring of cybercriminals," according to the New York Times, from a hacking group called JokerStash put five million credit and debit cards for sale last week. The records came from Saks and Lord & Taylor customers.
Hudson’s Bay Co., the parent company of the stores which is based in Canada, announced on Sunday that records of the stores' shoppers had been compromised. Gemini Advisory LLC, a cybersecurity firm based in New York, made the discovery. They said this was one of the most massive known breaches of a retailer.
In a statement, the company said, "We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America. We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring." The company said cards used for online purchases were not affected.
Hudson’s Bay Co. has not said how many stores were involved or ultimately how many customers have been affected. According to the company, affected customers will not be held liable for any fraudulent charges, and they will also provide free identity protection services.
In the released statement, Hudson's Bay said the investigation will continue. It read, "We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing. We also are coordinating with law enforcement authorities and the payment card companies."