If you shop at Saks Fifth Avenue or Lord and Taylor’s, you should pay close attention to your account activity.
The owner of Saks and Lord & Taylor, Canadian corporation Hudson’s Bay, announced that there has been a security breach involving customer payment card data at certain department stores across the country.
Gemini Advisory, the cybersecurity firm that discovered the breach said that more than 5 million credit and debit card accounts were stolen and that 125,000 of those accounts were put up for sale on the dark web. According to the security firm, they estimate the Saks security breach could have begun in May 2017.
According to Hudson’s Bay, they are working to make sure the issue is under control.
“We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores,” a spokesperson from Hudson’s Bay said in a statement Monday.
Saks Fifth Avenue locations affected
Gemini Advisory notes that 83 Saks Fifth Avenue locations have been affected by the security breach with approximately 35,000 credit card accounts for sale on the dark web.
According to Gemini Advisory, the top five exposed Saks Fifth Avenue locations are:
The Outlets at Bergen Town Center - Paramus, NJ
The Gallery at Westbury - Garden City, NY
King of Prussia - King of Prussia, PA
Bridgewater - Bridgewater, NJ
Braintree - Braintree, MA
Lord & Taylor locations affected
There have been 51 Lord & Taylor locations that have been affected by the security breach. Approximately 90,000 credit cards were discovered for sale on the dark web.
The top five locations are:
Fifth Avenue, New York
Garden State Plaza, Paramus, NJ
Eastchester – Scarsdale, NY
Garden City – Garden City, NJ
Freehold Raceway Mall – Freehold, NJ
While it is still unclear about how these store payment accounts were compromised, The New York Times reports that it was likely caused by phishing scam emails sent to Hudson’s Bay employees. Cyber attackers send fake emails to accounts that appear to look legitimate. When the reader clicks on the link in the email or opens an attached file, malicious software is installed on their computer, which can eventually give hackers access to the network.
According to updated security notices found on the Saks Fifth Avenue and Lord & Taylor websites, they are offering free identity protection and credit monitoring services to customers who have been affected.
Saks Fifth Avenue and Lord & Taylor encouraged its customers to closely monitor their accounts and to notify the card issuer used to make payments if there is unusual activity. Customers are also encouraged to customer service at 1-855-270-9187 beginning April 4 to learn more about the security breach and find out if their account was compromised. The service line will be open Monday through Saturday from 8:00 a.m. to 8:00 p.m. Central Time.