Personal data of Saks customers exposed
Email addresses, phone numbers were visible on the company’s retail website
Saks Fifth Avenue is the latest retailer to report that customers’ personal information has been inadvertently exposed online.
In this case, it was e-mail addresses and phone numbers of Saks shoppers that were visible on its retail website. The breach was first reported by BuzzFeed.
BuzzFeed said “tens of thousands of customers” were affected. E-mail addresses, phone numbers and product codes were visible “in plain text online,” BuzzFeed reported. The pages reviewed by BuzzFeed, an Internetbased media company, have since been taken offline. The exposed data were visible only via a specific link on the Saks site, one where customers went to join a wait-list for certain products.
The company that own Saks and maintains its online website, Canadian-based department store retailer Hudson’s Bay Co., acknowledged that some customer data were exposed. But it stressed that it is moving quickly to resolve the situation and that key personal data, such as credit card numbers, were not exposed.
“We take this matter seriously,” Hudson’s Bay Co. told USA TODAY in a prepared statement. “We want to reassure our customers that no credit, payment or password information was ever exposed. The security of our customers is of utmost priority, and we are moving quickly and aggressively to resolve the situation, which is limited to a low singledigit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.”
Tim Erlin, a VP at cybersecurity firm Tripwire, says it’s too early to say how severe the “disclosure” at Saks will turn out to be.