Saks Fifth Avenue and Lord & Taylor Suffer Massive Payment Card Breach

16 May
Company, Industry, News

A few weeks ago, Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor stores located in North America suffered a massive data breach where hackers stole millions of shopper’s payment card information.

This includes credit cards, debit cards, cardholder name, payment card number and expiration date.

Security researchers at Gemini Advisory believe “a well-known professional hacker group has broken into the ‘entire network’ of Lord & Taylor and dozens of branches of Saks.”

The Hudson Bay Group retails announced this breach through a letter on their website. Within the letter, they offer customers identity protection support and further stated that “customers will not be liable for fraudulent charges that may result from this matter”.

Moreover, Gemini said that card information could be compromised from July 1st, 2017 as this is when hackers first infiltrated their systems. So far, 35,000 payment cards for Saks Fifth Avenue have been put for sale on the dark web and 90,000 for Lord & Taylor. However, Gemini expects all 5m cards to be made available in the coming months as hackers gradually release card information to ‘avoid the oversaturation of the market’.

To deal with this Saks has contained the issues and is now working with leading security experts to conduct a thorough investigation and to improve their systems. Also, they’ve been working with law enforcement and credit card companies to secure customers.

The group behind the attack is a hacking syndicate known as JokerStash. This attack is a long run of high profile attacks; Gemini reports they have also attacked Whole Foods, Chipotle, Omni Hotels & resorts, Trump Hotels and many more.

If you’re worried your company isn’t safe, feel free to reach out and see how we can solve your cybersecurity needs.


Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how Symantec can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.

You can also find us on TwitterFacebook,  LinkedIn.

Don’t forget to register for our 4th annual Camp Secure Sense here. Camp Secure Sense is geared towards helping Canadian IT Security professionals improve their security practices, and better protect their organization.