Gemini Advisory revealed that JokerStash an online crime syndicate, Fin7, hacked 83 Saks Fifth Avenue (Off 5th included) stores databases and the entire Lord & Taylor network—and stole over 5 million payment cards and are planning to sell them.
Stores located in New York and New Jersey were the most affected by the breach but three stores in Canada could have also been impacted as well.
As of right now only 125,000 the cards have been sold on the Dark Web but it is expected the rest of the cards will make their way into the black market in the upcoming months ahead. The breaches of the store’s systems occurred back in May 2017, but they could still be going on as of today. Canada’s Hudson’s Bay Company, Saks, and Lord & Taylor’s parent company confirmed the breaches have taken place and said “taken steps to contain” the hacks.
Customers will receive free credit monitoring as well as other identity protection services once they have “more clarity around the facts,” HBC said. JokerStash hacker group is well-known and were behind other data breaches of Whole Foods, Chipotle, and Omni Hotels. To avoid detection from bank investigators they slowly dribble out cards which also maximizes the going price for them.
Large-scale data breaches are not slowing down anytime soon and we surely expect even more as time goes along. As for Saks, this isn’t the first time they were in the news when it comes to customer data. In March of 2017, BuzzFeed reported that the company was storing customer data except for payment info in plain text on its servers. This newest breach only adds to the embarrassment and now the company will have to work extra hard to regain their customer’s trust.