Lord & Taylor, Saks Fifth Avenue and Saks Off 5th have been hit with a data security breach, parent company Hudson’s Bay Co. said today.
An HBC investigation is underway to determine the extent of the situation, which involved customer payment card data. The company does not believe its e-commerce or other digital platforms were impacted. Hudson’s Bay, Home Outfitters and HBC Europe stores also were unaffected, HBC said.
According to New York-based cyber security firm Gemini Advisory, debit and credit card information was stolen from more than five million customers who shopped in North American store locations. (HBC didn’t comment about the number of people impacted.)
“The company deeply regrets any inconvenience or concern this may cause. HBC wanted to reach out to customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter. HBC has identified the issue, and has taken steps to contain it,” the company wrote in a statement.
The retailers were hacked by Fin7, a JokerStash syndicate, which offered credit cards for sale on the dark web, according to Gemini Advisory. The Wall Street Journal first reported the details of Gemini’s report earlier today.
The news comes just days after Under Armour announced it would investigate a data security issue that impacted more than 150 million users of its MyFitness Pal app and website. And a Target data breach that affected over 40 million consumers during the Christmas 2013 holiday season resulted in an $18.5 million company payout to shoppers last May.
In the coming days, HBC will make customer service representatives available to shoppers who desire more information. The company plans to offer impacted consumers free identity protection services, including credit and web monitoring.
“[We are] working rapidly with leading data security investigators to get customers the information they need, and the investigation is ongoing. HBC is also coordinating with law enforcement authorities and the payment card companies,” the HBC statement said.
The retail giant encouraged consumers to review their accounts and contact their card issuers if they recognize any unfamiliar transactions.
Court Reopens 2012 Zappos Data Breach Litigation