On April 1, HBC confirmed a report that hackers had breached payment systems in its Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. As many as five million shoppers may have been affected by the breach, according to the Wall Street Journal report. HBC has not revealed how many accounts have been exposed, but noted in a statement that it “has identified the issue and has taken steps to contain it.”
While HBC didn’t reveal the specific data that may have been compromised, the retailer said there is no indication that Social Security or Social Insurance numbers, driver’s license numbers or PINs have been affected by the breach.
EMV Didn’t Protect This Data
Hudson’s Bay said all Saks Fifth Avenue and Saks Off 5th stores had EMV systems installed by the fall of 2016, while Lord & Taylor stores were equipped with the system by February 2017. Yet even with the technology, the retailer still suffered from a significant security gap.
“The problem organizations have is the actual identification of a breach or infection, especially in a reasonable time frame,” said Terry Ray, CTO of Imperva, in commentary provided to Retail TouchPoints. “Most attacks are designed to run under the radar and the methods of breach constantly evolve. This requires that cybersecurity teams have effective funding, adequate staff and vast expertise. Sadly, none of those three are common. Usually, cybersecurity teams are underfunded, until a breach; then they get a little extra money. Their teams are generally small and stretched thin. Given all the areas than can be attacked, security team members need broad technology knowledge which makes them highly desirable in the marketplace, going back to the underfunded point.”
A hacking group called JokerStash Syndicate has been releasing stolen card data for sale on the “dark web,” a network of web sites used by hackers and others to anonymously share information, according to Gemini Advisory LLC, a New York-based cybersecurity firm. The hackers began stealing the card numbers in May 2017, the firm estimates. Approximately 125,000 records have been released for sale, although Gemini expects the entire cache to become available in the following months.
Based on the analysis of the available data, all 50 Lord & Taylor stores and 83 Saks Fifth Avenue locations have been compromised.
The breach comes as HBC struggles to improve its financial performance amid declines in sales and margins. In June, the retailer launched a transformation plan to cut costs and is working to monetize the value of its substantial real estate holdings.
The unveiling of the breach comes shortly after Under Armour revealed that cybercriminals compromised its MyFitnessPal mobile app, affecting approximately 150 million accounts.These recent breaches follow last year's high-profile hack of credit bureau Equifax, which exposed the personal data of as many as 143 million Americans.
- Le Tote Names President Of Lord + Taylor, Finalizes Purchase
- Hudson’s Bay Co. To Be Taken Private By Shareholders
- Reuters Report: Authentic Brands Group Bids $270 Million For Barneys
- Le Tote Buys Lord + Taylor For Nearly $100 Million
- Lord & Taylor President Resigns As Parent Company Reports Weak Q1 Earnings
Latest from Glenn Taylor
- Loblaws Pilots Small-Scale Automated Fulfillment In Toronto Supermarket
- ‘Total’ DTC Success Happens Across 3 Stages: Acquisition, Sales And Engagement
- Walmart Posts 41% Online Sales Growth In Q3 As Grocery Investments Pay Off
- Zappos Launches Socially Conscious ‘Goods For Good’ Shopping Initiative
- Nike Pulls Products From Amazon; Will Other Brands Follow?