According to the New York Times, “a well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor.”
The “breach” – which the hackers dubbed “BIGBADABOOM-2”, because of course they did – was first discovered by a cybersecurity research firm called Gemini Advisory, and the data “appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month.”
And, it appears the stolen information is already up for sale. Gemini told the Times that “Russian-speaking hackers known as Fin7 or JokerStash posted online on Wednesday that it had obtained a cache of five million stolen card numbers… [and] offered 125,000 of the records for immediate sale.”
After news of the hacking broke, Hudson’s Bay (Saks and L&T’s parent co) issued a statement that said, “We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America. We have identified the issue, and have taken steps to contain it.”
And while they “declined to identify how many customer accounts or stores were affected,” the company did say that “its e-commerce platforms appeared to have been unaffected by the breach.” The investigation is still ongoing, however, so who knows what else will be uncovered.
More information for customers (if you happen to be one) is available on “dedicated pages” online.
You can read more about it at The New York Times.