New York, New Jersey at Center of Data Breach at Saks, Lord & Taylor

Data from millions of credit cards may have been stolen from Saks and Lord & Taylor stores. The stores’ parent company, Hudson’s Bay Co, announced the data breach on April 1. They don’t yet know the full extent of the breach but said that customers whose data was stolen would not have to pay for fraudulent charges. We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores. -HBC A New York-based cyber security firm first disclosed the hack on its blog. Gemini Advisory said the theft was by a well-known hacker group called JokerStash. The group advertised the sale of 5 million credit cards, Gemini Advisory says. The majority of the cards were from the stores’ New York and New Jersey locations. The group has so far released the details of about 125,000 cards for sale on the dark web. Gemini says 75% of those appear to have been from the Hudson’s Bay companies. “While the investigation is ongoing, there is no indication at this time that this affects the Company's e-commerce or other digital platforms, Hudson's Bay, Home Outfitters, or HBC Europe.” -HBC Gemini’s CEO advises those affected by the breach to cancel their cards.