JokerStash, a well known criminal group, has managed to breach Hudson’s Bay Co’s security systems and gain access to its payment cards data.
Having penetrated the security systems of Hudson’s Bay Co, hackers have gained access to data on payment cards used at Saks and Lord & Taylor stores in North America, said Hudson’s Bay in a statement.
A cyber security firm has found evidence that millions of credit cards may have been compromised because of the hack which occurred over the last year; however it added, it was too soon to confirm whether the details.
In its statement, Hudson’s Bay said although it had “taken steps to contain” it did not state whether it had succeeded in securing its network. It also did not disclose when the incident took place, for how long and the number of payment card numbers that were compromised because of it.
“Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” said the statement.
A spokeswoman for Hudson’s Bay declined to elaborate.
The hacking incident comes at a time when Toronto, Canada-based Hudson’s Bay is struggling to improve its financial performance in a tough retail environment with sales and margins weighing on it.
In June 2017, it launched a plan to restructure the company, slash costs, and monetize the value of its substantial real estate holdings.
Hudson’s Bay disclosed the hacking incident after Gemini Advisory, a cyber security firm, reported on its blog that Saks and Lord & Taylor were hacked by JokerStash, a well-known criminal group.
As per Dmitry Chorine, Gemini’s Chief Technology Officer, JokerStash plans on releasing the details of more than 5 million stolen credit cards; it typically sells stolen data on the darknet.
According to Chlorine, JokerStash has released around 125,000 payment cards details, 75% of which appear to have been taken from the Hudson’s Bay units. He went on to add, the bulk of the 5 million payment card numbers that JokerStash said it will release, are likely to come from Saks and Lord & Taylor, however it is too early to say for sure.
“It’s hard to assess at the moment, primarily because hackers have not released the entire cards in one batch,” said Chlorine.
According to Alex Holden, CIO of cyber security firm Hold Security, details of 125,000 payment cards have so far been released by JokerStash, however, it is too soon to estimate how many had been taken from Hudson’s Bay.
If JokerStash has in fact managed to steal payment card data in the millions, the incident would mark as one of the largest heists in the past year.
Significantly, Hudson’s Bay has clarified, there is no indication that the breach affected its online sales at Saks and Lord & Taylor outlets or its Hudson’s Bay, Home Outfitters and HBC Europe units.
Further, it said, customers will not be liable for fraudulent charges resulting from the breach.