Hudson Bay’s is the latest retailer to have to admit it’s been hacked, with cybercriminals stealing customer data from Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor.
“HBC has identified the issue and has taken steps to contain it, and believe it no longer poses a risk to customers shopping at our stores,” said a company statement, issued April 2. “Once the Company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”
The breach does not appear to have affected its e-commerce operations, or website Gilt, which Hudson’s Bay purchased in 2016.
The statement added HBC is working with data security services to get more information.
“HBC encourages customers to review their account statements and contact their card issuers immediately if they identify activity or transactions they do not recognize,” the statement concluded.
However, Gemini Advisory, a security company, offered a more pessimistic take on its website, calling the hack attack “among the biggest and most damaging to ever hit retail companies.”
It believes that as many as 5 million customers may have had their data exposed, and the breach hit all Lord & Taylor and 83 Saks stores, affecting transactions from May 2017 on. The majority of stolen credit cards are said to be from New York and New Jersey locations.
The company said data from 125,000 customers has already shown up for sale on the dark web.
The company has identified the hackers as a group called Joker’s Stash. The group is known to be Russian-speaking, though it’s not clear if they are actually based in Russia.
It ended by warning: “Those who shopped at the retail stores of both companies should either promptly replace their payment cards or set up transaction alerts to monitor for suspicious activity.”
Day’s Jewelers talked to JCK in 2013 for an article, “What It’s Like When Your Website Gets Hacked.”
(Image from Flickr)