Hackers have stolen debit and credit card information from about 5 millions Saks Fifth Avenue and Lord & Taylor customers in what’s being called one of the largest data breaches to hit retail companies.The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday.
The company said it was investigating and taking steps to contain the attack, which could also affect people who shopped at Saks Off Fifth.
The information was stolen from people who shopped in 130 stores, mostly in New Jersey and New York, after employees accidentally clicked on cleverly crafted phishing emails, the Associated Press said. Once an employee clicks on an attachment, which is often made to look like an invoice, the system gets infected. The hackers, who began stealing information in May 2017, have already placed at least 125,000 credit card numbers for sale on the dark web.
New York-based security firm Gemini Advisory described the hack as among “the biggest and most damaging to ever hit retail companies.”
Only customers who made their purchases in-store may be affected. People who shopped online didn’t have their information accessed. Customers are advised to check their accounts for any suspicious activity. HBC said in a statement that it “deeply regrets any inconvenience or concern this may cause.”
The Associated Press contributed to this report. Jeff Goldman may be reached at firstname.lastname@example.org. Follow him on Twitter @JeffSGoldman. Find NJ.com on Facebook.
Originally Posted at: http://www.nj.com/business/index.ssf/2018/04/credit_card_info_stolen_from_5_million_lord_taylor.html