A data breach at department stores Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who have shopped in stores.
The Chains "Based in Canada, Hudson's Bay Co., Inc. announced that it had violated its payment systems on Sunday, and announced that it was investigating and taking steps to stem the attack.  The revelation came after New York-based security firm Gemini Advisory LLC revealed on Sunday that a hacker group called JokerStash or Fin7 was boasting on dark websites last week selling up to 5 million stolen credit and debit cards, hackers calling their stash BIGBADABOOM -2 While the size of its holdings remains unclear, approximately 125,000 records were immediately released for sale.
The security firm confirmed with several banks that many of the compromised records were from Saks and Lord & Taylor customers.
Hudson & # 39 ; s Bay said in a statement that it "deeply regrets any inconvenience or concern", but it has not No, how many Saks or Lord & Taylor stores or customers were affected. The company said that there is no indication that the infringement has affected its online shopping sites or other brands, including the Home Outfitters chain or the Hudson's Bay stores in Canada.
The company said that customers are not responsible for fraudulent charges. It is proposed to offer free credit monitoring and other identity protection services.
There is evidence that the injury began about a year ago, said Dmitry Chorine, co-founder and Chief Technology Officer of Gemini Advisory. He said that the prolific hacker group has previously targeted large hotel and restaurant chains.
The break follows last year's high-profile hack of credit bureau Equifax, which revealed the personal data of millions of Americans. However, this latest violation is more similar to previous trade violations targeting the Home Depot to Target and Neiman Marcus point-of-sale systems.
Chorine said the typical method of hacking is clever deft phishing to send emails to company employees, especially executives, supervisors and other key decision makers. Once an employee clicks on an attachment that often looks like an invoice, the system becomes infected.
"For a full year, criminals were able to sit on the network of Lord & Taylor and Saks and steal data," he said.
Chorine said most of the stolen credit cards had been sourced from stores in New York's metropolitan area and other northeastern US states. It's possible, he said, that these businesses had not yet implemented the safer credit card payment systems rolled out elsewhere.
Hudson's Bay advises clients who want more information about the security breach to create safety-related websites for Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor
Copyright 2018 The Associated Press. All rights reserved. This material may not be published, transmitted, rewritten or redistributed.