Saks and Lord & Taylor stores have been victims of a security breach, according to statements released on Sunday by retailer Hudson Bay Co. The statement disclosed the fact that data from payment cards used in stores in North America had been stolen.
Cards numbering in the millions may have been compromised, according to a cyber-security firm that said it has evidence to support the claim and added that it wasn’t sure whether it was the largest breach involving payment cards in the past year.
Steps had been taken to minimize and contain the damage of the breach, according to the statement released by Hudson Bay, which is based in Canada. Although the company did not confirm whether it had succeeded in its attempts to do so, while also not verifying when the breach was initiated and how many cards had been affected by it.
The statement went on to add that the company will notify their customers, once they had gathered all the facts. The company will also be providing free identity protections services, which include web and credit monitoring, to the people impacted by the attack, however, the request to elaborate were denied by a company spokeswoman.
The breach hasn’t helped Hudson Bay, who have been struggling with their financial aspects, as sales have been affected by a competitive retail environment. In order to cut costs, a plan of transformation was launched Last June by the company, while many of its real estate holdings are being monetized.
A blog claiming that a renowned hacking group by the name of JokerStash had gained access to the data of Saks and Lord & Taylor, had been posted by Gemini Advisory, a cyber-security firm based in New York, after which Hudson Bay confirmed the news.
According to Dmitry Chorine, Chief Technology Officer of Gemini, data of more than 5 million people will be revealed by JokerStash, who made the statement on Wednesday and are known for selling stolen data, through underground criminal channels. Details of around 125,000 payment cards have been released by the hacking group, of which 75 percent belong to cars from Hudson Bay, said Chorine in a statement. He went on to add that it was highly likely that most of the 5 million cards belonged to Saks and Lord & Taylor, though he claimed that it was too early to be sure of it. He said the fact that hackers hadn’t completely released details of all the cards, made it difficult to determine the origin of the data.
The news of 125,000 cards being compromised was confirmed Alex Holden, who’s the chief information security officer of cyber-security firm Hold Security, though he said it was not confirmed how many of them belonged to Hudson Bay.
The breach, even if confirmed, won’t be larger than any of the previous ones that have occurred more than a decade ago. Between 2006 and 2008, Heartland Payment Systems, 7-Eleven and Hannaford Brothers had credit cards compromised and accessed by hackers, which totaled at more than 130 million.