Hudson’s Bay Co. says Saks Fifth Avenue stores affected by data breach

Some customer payment card information may have been stolen from shoppers

Hudson’s Bay Co. is the latest Canadian company to be hit with a data breach, saying that customer payment card information may have been stolen from shoppers at certain Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor stores in North America.

A spokesperson for retailer would not comment on whether any specific Canadian locations were affected, but did say there is no indication the breach affects any of HBC’s other digital platforms, Hudson’s Bay stores or Home Outfitters locations.

HBC released little information on the breach itself on Sunday, but a New York-based cybersecurity firm said it had analyzed the available data and found that information from five-million credit cards had been compromised.

Gemini Advisory LLC said in a report that the information was stolen from 83 Saks Fifth Avenue or Saks Off Fifth stores, and from all Lord & Taylor locations.

The firm found that three Canadian Saks locations were exposed to the breach: Sherway Gardens in Toronto, Bramalea City Centre in Brampton, Ont. and Pickering Town Centre in Pickering, Ont.

Dmitry Chorine, the co-founder of Gemini Advisory, said his firm works to improve response to data breaches by analyzing stolen data that appears on the so-called dark web.

Chorine said the firm started looking into the breach when they noticed an influx of stolen credit and debit card information being offered for sale on the dark web last week.

Upon analyzing the data, Chorine said they were able to determine that shoppers at all Lord & Taylor and at certain Saks Fifth Avenue locations were at risk of having their information stolen.

“On March 28, we saw a significant spike of stolen credit cards offered for sale on one of the marketplaces,” said Chorine.

“When we checked, we saw there was an advertisement stating that more than five-million credit and debit cards will be offered for sale, and that’s when we decided to research this particular breach.”

The data that Chorine and his team found was being offered on a dark web marketplace operated by a hacking group called JokerStash, which Chorine says has been active in hacking retail and hospitality companies for the past three years.

Gemini Advisory said Sunday that it had found data that had been stolen from as early as March 2017, and as late as March 2018.

He said that only certain Saks Fifth Avenue locations were affected because the outlet was in the process of switching from card-swipe technology to EMV chip technology, which is already commonly used in Canada.

Stores that had already implemented chip machines would likely not be exposed to the data breach, Chorine said.

Chorine urged any consumers who had shopped at Saks Fifth Avenue or Lord & Taylor stores in the past year to take preventative measures against fraud.

“They should probably call their banks and replace their cards,” said Chorine. ”That would probably be the best preventative action they could take, instead of just waiting.”

For now, HBC is asking clients to review their account statements for activity or transactions they don’t recognize.

The company said it’s investigating and taking steps to contain the attack, and clients will not be responsible for any fraudulent charges as a result of the breach.

It said it will offer free identity protection services to those affected once they learn more about the breach.

Salmaan Farooqui, The Canadian Press

Just Posted

CATena offers glimpse into Central Alberta Theatre’s new season

Visitors can also check out Memorial Centre refurbishments

Crews respond to diesel spill in Penhold

Individuals transferred diesel from one truck to the other

Local filmmaker works on documentary featuring women farmers

Red Deer woman receives $50,000 grant from STORYHIVE to produce documentary

Red Deer Rebels lose to Edmonton Oil Kings 4-1 at home opener

General Manager and Coach Brent Sutter said team ‘played hard’

Thurber Raiders snatch season opener from the Lacombe Rams

Red Deer game saw 44-8 win for the Raiders

Environment Canada confirms Ottawa area hit by two tornadoes Friday

At one point more than 200,000 hydro customers were blacked out

Yowza! Twerk, emoji and facepalm are added to Scrabble dictionary, OK?

Merriam-Webster has announced 300 new words have been added to the spelling game

Man attempts to stop fight in Wetaskiwin, gets stabbed: RCMP

Wetaskiwin RCMP looking for two suspects involved in assault with a weapon

Cities make power play for new fiscal order with eye to 2019 federal election

Trudeau ordered Champagne to talk with provinces and territories about ways to “address the timeliness of the flow of funds” to projects.

Ottawa area residents take stock of tornado rubble as Ford tours the ruins

A tornado on Friday afternoon tore roofs off of homes, overturned cars and felled power lines in the Ottawa community of Dunrobin and in Gatineau, Que.

Trudeau arrives at United Nations, hoping to re-establish Canada on world stage

Trudeau is beginning his day at the opening of the Nelson Mandela Peace Summit, where he’s scheduled to deliver brief remarks later this afternoon.

Trump drains oxygen from Trudeau foreign policy with PM, Freeland bound for UN

A lot has changed since the Liberals came to power in Canada in 2015

Coaches, players on Alberta university rugby team buckle up for the Broncos

16 people died when Humboldt Broncos bus collided with a semi-truck in rural Saskatchewan

The Vatican ‘owes God an apology,’ activist says in letter to Pope Francis

Letter came after a report on sexual abuse of more than 1,000 children in six Pennsylvania dioceses

Most Read