Another day, another breach.
Saks Fifth Avenue and Lord & Taylor confirmed Sunday that more than five million credit and debit card numbers were stolen from customers in a recent data breach.
The cybercriminal syndicate known as Fin7 reportedly targeted physical stores in New Jersey and New York by installing software in cash register systems that relayed credit card numbers back to the hackers until last month.
The data breach was first reported by cybersecurity company Gemini Advisory (via The New York Times). The firm claims that Fin7 has so far put 125,000 credit card numbers for sale on the dark web. Gemini Advisory expects all of them become available “in the coming months.”
Sadly, this isn’t the first major breach from this cybercriminal ring. The Russian-speaking group has hacked a number of major American retailers in the past, including Whole Foods, Chipotle, Omni Hotels & Resorts, and Trump Hotels.
Although this breach is far from the biggest to happen to a major retailer, it’s still significant. For comparison, the 2013 cyberattack of Target compromised 41 million customer cards, the 2014 Home Depot breach impacted 50 million customers, and our old friend Equifax laid vulnerable the identities of 143 million customers and counting. That said, this breach is, according to Gemini Advisory’s report, one of the most disastrous retail breaches to date.
Part of the reason is that it’s harder for banks to catch fraudulent activity among Lord and Taylor’s key demographics. While a sudden expensive purchase would look suspicious from someone who usually shops at Target, it might seem innocuous coming from the types of customers who often shop at Saks or Lord and Taylor.
The Hudson Bay Company, which owns both stores, told The New York Times in a statement that “Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”
There will certainly be kerfuffle as the companies sort out their systems, but one thing’s for sure: This is a stark reminder when it comes to credit card transactions. Nothing is safe, not even the retailers you trust the most. Keep a close eye on your credit card transactions, and make sure to report any suspicious activity.