5 million payment cards have been compromised in another breach. This time, customers from Saks Fifth Avenue and Lord & Taylor have been affected.
While March may have gotten off to a slow start and ended with a bang in terms of data breaches and leaks, April seems to not be messing around. On April 1, the retail stores parent company admitted that their systems were compromised. The Hudson’s Bay Company said that Saks Fifth Avenue and Lord & Taylor were the victims of a data breach and that 5 million payment cards were compromised as a result.
Reports also indicate that JokerStash (AKA Fin7) claimed responsibility and put the payment cards on sale on the dark web. From CNET:
Security researchers from Gemini Advisory said the majority of the stores affected were in New York and New Jersey, and the problem started in May 2017, ending when the breach was discovered. The hackers, from a group called JokerStash, also known as Fin7, put up more than 5 million stolen credit and debit cards for sale on the dark web, the researchers said.
The hacking group is also allegedly behind the breaches against Whole Foods, Chipotle and Trump Hotels. The researchers said that this was one of the “most damaging to ever hit retail companies.”
While initial reports suggested that there was no indication that Canadian retail stores were affected, later reports came out to say that there were locations in Canada affected by the breach. On report suggests that 3 Saks locations in Canada were exposed as well.
The frequency of data breaches and leaks seem to be increasing in recent weeks. For the month of March, things were relatively quiet at the beginning. Unfortunately, things picked up half way through starting with the MBM Company data leak where 1.3 million customers were exposed. From there, a New York hospital had 135,000 records exposed in a data breach. After that, Orbitz was hit with a data breach of their own, exposing 880,000 customers as well. March ended with a bang after that with 150 million customers compromised in the MyFitnessPal data breach.
One thing is for sure, April is definitely starting things off early with a data breach right on the first. While there is no way to tell how things will go from here, we certainly are not off to a good start as far as security is concerned.