Card Numbers Stolen From 5M Saks, Lord & Taylor Customers

A group of hackers has stolen more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, a cybersecurity firm has revealed.

photobyphm / Shutterstock.com

A portion of the card information has been offered for sale on the dark web, according to Gemini Advisory. A hacking syndicate known as Fin7 acquired the data and has offered about 125,000 records for sale thus far. Though the “entire network” of Lord & Taylor and Saks Fifth Avenue locations has been compromised, “the majority of stolen credit cards were obtained from New York and New Jersey locations.”

Gemini Advisory estimates the “window of compromise” occurred from May 2017 until the present. Even though not all the card numbers are currently for sale, it could just be a matter of time until the rest of the records are made available.

Cancel Cards

If you’ve stopped at any Saks or Lord & Taylor stores in the last year — and you know which card you’ve used — you should get a new card. (Customers who’ve shopped there but don’t recall which card may have been used should check their account history.) Gemini Advisory surmises that due to the high-end nature of the stores — and their customers, these customers may be less inclined to notice big-ticket fraudulent charges. So stay vigilant.

Gemini Advisory notes that this breach “once again emphasizes the importance of a transition to the more secure EMV POS terminals in retail operations” from older magstripe terminals.

This is merely the latest in a growing series of recent in-store data breaches stemming from malware on payment terminals. Not even a month ago, a similar breach affected more than 160 Applebee’s locations in 15 states. A recent breach of Jason’s Deli was also caused by the JokerStash syndicate, Gemini Advisory says. That incident also saw payment information stolen from about five million cards.

H/T The New York Times

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews