Gemini Advisory, a cybersecurity research firm, has reported that a cybercriminal ring has stolen more than five million credit and debit card details from North American stores of retail brands Saks Fifth Avenue and Lord & Taylor.
According to Gemini, the theft most likely involved data from May 2017 to present from the complete network of Lord & Taylor and 83 Saks Fifth Avenue outlets.
The firm added that majority of credit cards were obtained from New York and New Jersey locations.
Both Saks Fifth Avenue, including its discounted offset brand Saks Fifth Avenue OFF 5TH, and Lord & Taylor are owned by Canadian company Hudson’s Bay.
The company confirmed the breach but did not reveal any information on the extent or the number of customers impacted. It added that investigation is being carried out and its e-commerce sites appear to remain unaffected.
A Hudson’s Bay statement read: “We recently became aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America.
“We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores.
“While the investigation is ongoing, there is no indication that this affects our e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters or HBC Europe.”
If the current declared number of compromised cards is to be accurate, this attack can be considered among the biggest and most damaging ones to retail companies.