New York Post

Big data shoplift

Hackers hit Saks and Lord & Taylor records

- By JOSH KOSMAN jkosman@nypost.com

Hackers have stolen the records of up to 5 million credit and debit cards, including at certain New York and New Jersey Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores, a cybersecur­ity firm said Sunday.

Hudson’s Bay Co., parent of the department stores, is investigat­ing the situation, it said.

“Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” the company said in a statement shortly after the cybersecur­ity company, Gemini Advisory, made news of the hack public.

“We encourage our customers to review their account statements and contact their card issuers immediatel­y if they identify activity or transactio­ns they do not recognize,” the retailer said.

Hudson’s Bay is examining whether the problem included those using company and non-company-issued credit cards.

There is no indication the breach affected online customers, it said.

For Hudson’s Bay, this is the second embarrassi­ng breach in about a year.

Last March, tens of thousands of Saks’ customers’ addresses and phone numbers were inadverten­tly put on the retailer’s Web site.

At the time Hudson’s Bay said, “The security of our customers is of utmost priority.”

Gemini Advisory alleges the thief this time is known as Joker-Stash or Fin7. The hackers sent phishing e-mails to company employees.

If the recipient clicked on the attachment, which is meant to appear as an invoice, the hackers infected the system, according to the Associated Press.

Hudson’s Bay told The Post its informatio­n security program is a mix of in- dustry-leading, third-party security services and global, in-house staff support.

Last June, Hudson’s Bay announced it laid off 2,000 workers in an effort to cut costs. It is unclear if any were in informatio­n security.

“Security is always the first thing to get cut,” said Harry Houck, the former head of fraud investigat­ions at Citigroup, making it clear he did not know if this was the case at Hudson’s Bay.

Credit card users who believe they were hacked should demand from their bank a new credit card and PIN number or cancel their cards, Houck said.

Those who buy hacked cards sometimes do not use the stolen informatio­n for several years, Houck said.

“People get hit in these attacks three years later who didn’t cancel their cards,” Houck said.

Restoring customer confidence will be a test for new Hudson’s Bay Chief Executive Helena Foulkes, former president of CVS Pharmacy, who only took the helm Feb. 19.

The Toronto company’s shares have fallen from C$10.71 a year ago to C$8.92 on Friday.

?? ?? RETAIL RIPOFF: Hudson Bay Co., owner of Saks and Lord & Taylor, said the breach hit Saks Off 5th, Saks Fifth Avenue and Lord & Taylor stores in North America.
RETAIL RIPOFF: Hudson Bay Co., owner of Saks and Lord & Taylor, said the breach hit Saks Off 5th, Saks Fifth Avenue and Lord & Taylor stores in North America.

Newspapers in English

Newspapers from United States