Saks 5th Avenue data breach compromises customers' credit card info

Hudson's Bay Co. says customer payment card information was involved in a "data security issue" at certain Saks Fifth Avenue, Saks OFF 5th and Lord & Taylor stores in North America.

The company didn't say whether any Canadian locations were affected.

It says the investigation is ongoing, but there's no indication that the breach affects the company's digital platforms or Hudson's Bay and Home Outfitters stores.

HBC says there could be fraudulent charges to customers' accounts because of the breach, but adds that those customers won't be liable to pay them.

It's asking clients to review their account statements to ensure there hasn't been activity or transactions they don't recognize.

The company says it will notify customers affected by the breach as quickly as possible and will offer free identity protection services to those affected once they learn more about the breach.

The company also said there's no indication that social security numbers or driver's licence information were affected by the breach.

Hackers selling data on 125,000 credit cards

New York-based security firm Gemini Advisory LLC says that a hacking group called JokerStash announced last week that it had put up for sale more than five million stolen credit and debit cards, and that the compromised records came from Saks and Lord & Taylor customers.

The hacking group has so far released about 125,000 paymentcards, about 75 per cent of which appear to have been taken fromthe HBC-owned retailers, Gemini chieftechnology officer Dmitry Chorine told Reuters by telephone.

The bulk of the card numbers that JokerStash saidit plans to release are likely from Saks and Lord & Taylor, butit is too early to say for sure, Chorine said.

"It's hard to assess at the moment, primarily becausehackers have not released the entire cards in one batch," hetold Reuters.

Alex Holden, chief information security officer with cybersecurity firm Hold Security, confirmed that the 125,000 cards
had been released by JokerStash but said it was too soon toestimate how many had been taken from Hudson's Bay.