Hackers Steal 5 Million Payment Cards in Saks, Lord & Taylor Data Breach

The ongoing wave of large-scale retail data breaches isn’t about to come to an end any time soon after a cybersecurity firm discovered a data breach of over 5 million credit and debit cards used at retail chains.

Cybersecurity firm Gemini Advisory has identified a massive data breach involving retail chains Saks Fifth Avenue and the entire network of Lord & Taylor. The breaches began in May 2017 and apparently continue to this day. The perpetrator behind the breach is Fin7, a JokerStash online crime syndicate that is now planning to sell over 5 million payment cards stolen from the franchise stores. The cybercriminals are currently ‘only’ selling 125,000 cards on the Dark Web at press time.

A well-known hacker outfit, JokerStash has been connected to a string of data breaches including Whole Foods, Omni Hotels and Chipotle.

“We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America,” the company said in a statement. “While the investigation is ongoing, there is no indication at this time that this affects our e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe. We deeply regret any inconvenience or concern this may cause.”

According to Gemini Chief Technology Officer Dmitry Chorine, the bulk of the stolen 5 million card numbers is, according to Reuters, being primed for release by JokerStash.

Saks Fifth Avenue moved to insist that customers won’t be held liable for any fraudulent charges that may arise from the data breach. The retailer says it will offer impacted customers with free identity protection services including credit and web monitoring once “we have more clarity around the facts.”

Image credit: Wikimedia.