On April 1, HBC confirmed a report that hackers had breached payment systems in its Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. As many as five million shoppers may have been affected by the breach, according to the Wall Street Journal report. HBC has not revealed how many accounts have been exposed, but noted in a statement that it “has identified the issue and has taken steps to contain it.”
While HBC didn’t reveal the specific data that may have been compromised, the retailer said there is no indication that Social Security or Social Insurance numbers, driver’s license numbers or PINs have been affected by the breach.
EMV Didn’t Protect This Data
Hudson’s Bay said all Saks Fifth Avenue and Saks Off 5th stores had EMV systems installed by the fall of 2016, while Lord & Taylor stores were equipped with the system by February 2017. Yet even with the technology, the retailer still suffered from a significant security gap.
“The problem organizations have is the actual identification of a breach or infection, especially in a reasonable time frame,” said Terry Ray, CTO of Imperva, in commentary provided to Retail TouchPoints. “Most attacks are designed to run under the radar and the methods of breach constantly evolve. This requires that cybersecurity teams have effective funding, adequate staff and vast expertise. Sadly, none of those three are common. Usually, cybersecurity teams are underfunded, until a breach; then they get a little extra money. Their teams are generally small and stretched thin. Given all the areas than can be attacked, security team members need broad technology knowledge which makes them highly desirable in the marketplace, going back to the underfunded point.”
A hacking group called JokerStash Syndicate has been releasing stolen card data for sale on the “dark web,” a network of web sites used by hackers and others to anonymously share information, according to Gemini Advisory LLC, a New York-based cybersecurity firm. The hackers began stealing the card numbers in May 2017, the firm estimates. Approximately 125,000 records have been released for sale, although Gemini expects the entire cache to become available in the following months.
Based on the analysis of the available data, all 50 Lord & Taylor stores and 83 Saks Fifth Avenue locations have been compromised.
The breach comes as HBC struggles to improve its financial performance amid declines in sales and margins. In June, the retailer launched a transformation plan to cut costs and is working to monetize the value of its substantial real estate holdings.
The unveiling of the breach comes shortly after Under Armour revealed that cybercriminals compromised its MyFitnessPal mobile app, affecting approximately 150 million accounts.These recent breaches follow last year's high-profile hack of credit bureau Equifax, which exposed the personal data of as many as 143 million Americans.
- Le Tote Buys Lord + Taylor For Nearly $100 Million
- Lord & Taylor President Resigns As Parent Company Reports Weak Q1 Earnings
- HBC To Shutter Home Outfitters Chain, Up To 20 Saks OFF 5TH Stores
- Walmart Teams Up With Fanatics Sports Apparel Site
- Saks Fifth Avenue Targets Facebook Shoppers With Holiday Gift Guide Chatbot
Latest from Glenn Taylor
- Activate Recap: 90% Of Enterprises Will Adopt AI By 2024, But ‘Pragmatic’ AI Will Dominate
- CMO Q&A: How CarMax Is Bridging The Online-Offline Gap In Used Car Retailing
- Neighborhood Goods Raises $11 Million Ahead Of New Store Openings
- GameStop ‘Reboots’ Business, Will Close 180 To 200 Stores By The End Of 2019
- McDonald’s Acquires Voice Ordering Platform, Will Create Tech Lab