Massive Saks / Lord & Taylor Breach Hits Five Million Cards
Bad news for anyone who’s got either a Saks or Lord & Taylor store credit card; there’s a pretty fair chance you were hit in one of the latest data breaches. How fair? Turns out hackers landed information for over five million cards—both credit and debit—total, and though parent company the Hudson’s Bay Company is on the case, it will still bear some uncomfortable watching and waiting for the next few weeks.
The breach was said to affect not only Saks Fifth Avenue locations, but also Saks Off 5th and Lord & Taylor, around 130 total branches throughout the United States. The cards affected were used for in-store purchases, at last report, so those who merely shopped those brands online should be safe. What’s more, the majority of card data was stolen from users in the New Jersey and New York areas, so those outside that surprisingly narrow band may well be safe too.
The Hudson’s Bay Company, meanwhile, has not only “…identified the issue…”, but has also “…taken steps to contain it.” It’s also cooperating with law enforcement on investigations.
This is about the best news that could be derived from such an event, which Gemini Advisory, a cybersecurity firm, is referring to as “…amongst the biggest and most damaging to ever hit retail companies.” Reports note that credit card data from the firms going back as far as May 2017 was recently found up for sale on the dark web last week. The hackers involved were said to also be involved in the Chipotle, Trump Hotels and Whole Foods breaches.
It’s another sock in the mobile payments-security teeth, which is exactly what didn’t need to be socked right now. Security has long been one of if not the biggest sticking points on getting people interested in mobile payments. Events like these don’t help the picture any, but thankfully, there’s some quick work in remedying the process going on. Hopefully Hudson’s Bay will be releasing more information soon about making good on customers impacted by the breach.
Breaches, sadly, are inevitable. This is why companies should be working more on encryption than perimeter defense, but as long as companies clean up the resulting mess, the damage to the consumer should be minimal.