On April 1, HBC confirmed a report that hackers had breached payment systems in its Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. As many as five million shoppers may have been affected by the breach, according to the Wall Street Journal report. HBC has not revealed how many accounts have been exposed, but noted in a statement that it “has identified the issue and has taken steps to contain it.”
While HBC didn’t reveal the specific data that may have been compromised, the retailer said there is no indication that Social Security or Social Insurance numbers, driver’s license numbers or PINs have been affected by the breach.
EMV Didn’t Protect This Data
Hudson’s Bay said all Saks Fifth Avenue and Saks Off 5th stores had EMV systems installed by the fall of 2016, while Lord & Taylor stores were equipped with the system by February 2017. Yet even with the technology, the retailer still suffered from a significant security gap.
“The problem organizations have is the actual identification of a breach or infection, especially in a reasonable time frame,” said Terry Ray, CTO of Imperva, in commentary provided to Retail TouchPoints. “Most attacks are designed to run under the radar and the methods of breach constantly evolve. This requires that cybersecurity teams have effective funding, adequate staff and vast expertise. Sadly, none of those three are common. Usually, cybersecurity teams are underfunded, until a breach; then they get a little extra money. Their teams are generally small and stretched thin. Given all the areas that can be attacked, security team members need broad technology knowledge, which makes them highly desirable in the marketplace, going back to the underfunded point.”
A hacking group called JokerStash Syndicate has been releasing stolen card data for sale on the “dark web,” a network of web sites used by hackers and others to anonymously share information, according to Gemini Advisory LLC, a New York-based cybersecurity firm. The hackers began stealing the card numbers in May 2017, the firm estimates. Approximately 125,000 records have been released for sale, although Gemini expects the entire cache to become available in the following months.
Based on the analysis of the available data, all 50 Lord & Taylor stores and 83 Saks Fifth Avenue locations have been compromised.
The breach comes as HBC struggles to improve its financial performance amid declines in sales and margins. In June, the retailer launched a transformation plan to cut costs and is working to monetize the value of its substantial real estate holdings.
The unveiling of the breach comes shortly after Under Armour revealed that cybercriminals compromised its MyFitnessPal mobile app, affecting approximately 150 million accounts. These recent breaches follow last year's high-profile hack of credit bureau Equifax, which exposed the personal data of as many as 143 million Americans.