According to CBC News Canada, the “data security issue” involved customer credit card information at Saks Fifth Avenue, Saks OFF 5th and Lord & Taylor stores in North America. The company did not say whether stores in Canada were affected by the breach.
In a news release today, Hudson’s Bay Company said: ” While the investigation is ongoing, there is no indication at this time that this affects the Company’s e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe.”
The data breach was announced after New York-based security firm Gemini Advisory LLC revealed on Sunday that a JokerStash hacking syndicate had announced the release for sale of over five million stolen credit and debit cards on March 28, 2018.
Gemini, in cooperation with several financial organizations, was able to confirm “with a high degree of confidence” that the compromised records did come from customers of Saks Fifth Avenue and Lord & Taylor stores. Gemini also confirmed the data breach had been going on since May 2017 up to the present time.
Dmitry Chorine, Gemini Advisory’s co-founder and chief technology officer told the Associated Press the hackers were able to send carefully crafted phishing emails to company employees, usually disguised as invoices. Once the employee clicked on the email, the system was infected.
Chorine said, “For an entire year, criminals were able to sit on the network of Lord & Taylor and Saks and steal data.”