Hudson's Bay Confirms Data Breach at Stores Including Saks, Lord & Taylor

Hackers stole information for more than 5 million credit and debit cards used at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. Hudson's Bay Company (HBC), which owns the retail chains, confirmed the breach Sunday, and said it has "identified the issue, and has taken steps to contain it." In the statement, HBC said that while the investigation is ongoing, "there's no indication at this time that this affects the company's e-commerce or other digital platforms, Hudson's Bay, Home Outfitters, or HBC Europe." HBC also said it has reached out to customers quickly "to assure them that they will not be liable for fraudulent charges that may result from this matter." HBC, which said it's currently working with "leading data security investigators," added that once the company has more clarity around the facts, it will "notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."

Total Retail's Take: While HBC did the right thing to address this data breach swiftly and ensure its customers that it will correct the issue and take steps to make sure it doesn't happen again, the damage already done could be substantial. Cybersecurity firm Gemini Advisory, which identified the breach and posted a blog detailing its scope, said "the attack is amongst the biggest and most damaging to ever hit retail companies." Gemini Advisory said a hacking syndicate put credit and debit card information it obtained from the hack up for sale on the dark web last week, and a "preliminary analysis" found credit card data was obtained for sales dating back to May 2017, according to the post. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the "majority of stolen credit cards were obtained from New York and New Jersey locations." The hackers were also behind well-publicized data breaches that affected companies including Whole Foods, Chipotle, Omni Hotels & Resorts, and Trump Hotels, Gemini Advisory said. This latest data breach comes on the heels of Under Armour's announcement that 150 million user accounts tied to its MyFitnessPal nutrition-tracking app were breached earlier this year. HBC and Under Armour will now have to deal with the costs associated with a data breach as well as the resulting lack of confidence from consumers that data breaches undoubtedly produce.