Dozens of retailers have been affected by cybercrime over the past decade or so, some on multiple occasions. Luxury brand Saks Fifth Avenue is the latest to fall victim to the pervasive threat, the hacker exposing sensitive data conducted via credit card processing.
Hudson's Bay, which owns both Saks Fifth Avenue and Lord & Taylor, confirmed the security breach took place the final weekend of March, The Wall Street Journal reported, one of the busier periods on the sales calendar given the Easter holiday.
"We have identified the issue, and have taken steps to contain it," the company's spokesman stated, as reported by the newspaper. He went on to mention that the proper authorities have been informed of the breach and the company is doing everything it can to assure customers' protection. This includes Hudson's Bay providing complimentary identity theft protection services, which also features credit monitoring.
"Data breaches are expected to increase in 2018."
Even though most businesses today recognize the threat identity theft poses and have put in place security strategies, hackers are seemingly adjusting to the obstacles thrown in their way. Although it's not yet known what type of breach perpetrators used in this most recent incident, security experts believe ransomware attacks will proliferate in 2018 and beyond. Last year, ransomware cost those victimized $5 billion and in 2019, the financial toll is expected to reach $11 billion, according to Acronis.
Eric O'Neill, data security expert and former FBI counterterrorism and counterintelligence operative, said ransomware attackers don't discriminate.
"No business or person is safe," O'Neill warned. "An effective data protection strategy, which includes regularly backing up data and training employees, can go a long way in keeping your data out of the hands of cybercriminals."
While investigators aren't sure about the means by which the Saks Fifth Avenue breach was performed, they're pretty sure about who's behind it. The group is known as JokerStash Syndicate. Dmitry Chorine, chief technology officer at Gemini Advisory, told the WSJ that this entity was able to skirt past security and tapped into the luxury retailer's point of sales system. He added JokerStash – otherwise known as Fin 7 – has been involved in breaches before, though they were far smaller in scale.
Quarter million credit cards exposed
As for how many customers had their payment data outed, Gemini Advisory puts the preliminary total at 125,000 credit cards, The Wall Street Journal reported.
Easter weekend typically sees increased customer traffic for retail stores and chains and this past holiday was no different. Spending is projected to exceed $18 billion, which if reached would be a near all-time high, according to the National Retail Federation. Eighty percent of shoppers were forecast to spend $150 per person, mainly at discount and department stores.
"Customers are urged to check their accounts."
Saks Fifth Avenue has stores in 22 states
The Easter weekend breach remains an ongoing investigation. So far, Hudson's Bay says it believes the attack originated from one of its New York locations, The Associated Press reported, but it's also possible it came from a store in the Northeast. Saks Fifth Avenue has a presence in 22 states.
"We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter," the company said in an updated statement on April 2 at its website. "Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."
It added customers should be sure to check their account statements and inform the appropriate credit card issuers immediately if they notice transactions conducted without their prior authorization.
911 Software specializes in processing solutions, providing secure POS systems since our founding in 1995. Contact us to learn more about installing the point of sale system you and your customers can trust.