NEW YORK – The Hudson's Bay Retail Group on Sunday announced it had been the victim of a security breach that had manipulated data at Saks Fifth Avenue and Lord & Taylor in North America
A cybersecurity firm said there was evidence that millions of cards were compromised, making the infringement one of the largest with payment cards in the past year, but the company added that it was too early to confirm if this is the case.
The Toronto-based retailer said in a statement that it had "taken steps to curb the infringement" but had not claimed its network had been successful. Hudson's Bay also did not say when the break began or how many credit card numbers were awarded.
"As soon as we have more clarity about the facts, we will quickly inform our customers and provide free identity protection services, including credit, and web surveillance to data subjects," the statement said.
A company spokeswoman declined to work out.
The break comes as Hudson's Bay tries to improve its financial performance as a harsh retail environment weighed on sales and margins. In June, she launched a transformation plan to cut costs and work to monetize the value of her substantial real estate holdings.
Hudson's Bay announced the incident after Gemini Advisory, a New York-based cybersecurity firm, reported on its blog Saks and Lord & Taylor had been hacked by a well-known criminal group called JokerStash.
JokerStash, which sells stolen data on the criminal underground, said on Wednesday that it had planned to release more than 5 million stolen credit cards, Gemini Englisch: www.germnews.com/archive/eng/1995/02/. The hacker group has so far released about 125,000 payment cards, of which about 75 percent come from the Hudson Bay units, said Korine Reuters by phone.
The 5 million card numbers that JokerStash was supposed to release probably come from Saks and Lord & Taylor, but it's too early to say for sure, Chorine said.
"It's hard to judge right now, especially because hackers have not published all the cards in a batch," he told Reuters.
Alex Holden, Chief Information Security Officer of cyber security firm Hold Security, confirming that JokerStash's 125,000 cards have been released
The theft of millions of records would make the break one of the largest that included payment cards in the past year, but it would still be much smaller than any of the biggest thefts ( From 2006 to 2008, hackers stole more than 130 million credit cards from credit card processor Heartland Payment Systems, convenience store operator 7-Eleven, and food retailer Hannaford Brothers]. Cybercriminals stole approximately 40 million payment cards from Target and 56 million from Home Depot in 2013 Year 2014.
Hudson's Bay said there is no indication that this is egg A recent breach involved online sales at Saks and Lord & Taylor Outlets or its Hudson's Bay, Home Outfitters or HBC Europe units.
The company said that customers are not responsible for any fraudulent charges that result from the infringement.