Massive Data Breach Hits Saks Fifth Avenue, Lord & Taylor Stores
NEW YORK (CBSNewYork) — One of the biggest credit card heists in modern history has hit some high-end retail stores.
According to a new report, 5 million credit and debit cards were copied from transactions at Lord & Taylor, Saks Fifth Avenue and Saks Off Fifth stores. Locations in New York and New Jersey are believed to be impacted the most, CBS2's Lisa Rozner reported Sunday evening.
The new report says the location on Fifth Avenue had the highest number of data breaches. This affects anyone who shopped at Saks Fifth Ave or at the Saks stores between May of last year and now. Many customers left the store worried on Sunday.
Regular Lord & Taylor customers Howard and Penny Weiss learned their information may be one of millions compromised.
"I'm going to cancel the card. I have and get a new card just to be safe," Howard Weiss said.
Independent cyber security firm Gemini Advisory says it discovered a hacker put credit and debit card information it obtained from in-store purchases up for sale on the dark web last week.
Canadian-based Hudson's Bay Co. owns Lord & Company, Saks Fifth Avenue and Saks Off Fifth. It confirmed the breach and said it has "identified the issue, and has taken steps to contain it." Customers are being asked to review account statements and contact their credit card companies if they've noticed suspicious activity in the last year.
"We will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring," the company said in a statement.
Cyber security expert Manny Gomez told CBS2's Rozner the breach could have been prevented.
"Huge stores that are nationwide like Lord & Taylor and Saks Fifth Avenue are a huge target. They're high-end stores. There's people with a lot of means that shop there and they should have been a little more proactive in the way they protected their clients' credit cards," Gomez said.
Gemini Advisory said the company was delayed in switching from machines that swipe credit cards to ones that have customers insert a chip, which may have caused the breach. However, An HBC spokesperson said chip readers were in place at all of its stores more than a year ago, CBS2's Rozner reported.
"Swipe cards contain less protection in them. The chip card -- and that's why when you place chip inside -- it takes a couple of seconds for it to actually retain the information," Gomez said.
Shoppers said they were surprised by Sunday's stunning news, given the respective reputations of the retailers.
"I don't feel good. I just gave my credit card to them to reserve some merchandise for me with a discount," Manhattan resident Maria Amh said.
"It's horrible. You go into a store, you give them your information and you think it's safe, especially a name brand like this," added Shamus Dunn of Hamilton, New Jersey.
"I would rather use cash at these stores where they're having these kinds of problems," shopper Vicki Albanese said.
"I have a credit monitoring thing that I subscribe to each month, so when I get an alert something has happened with my credit report I log in and make sure it was me and not somebody else," said North Carolina resident Brian Eisner.
Gemini Advisory said the top five Lord & Taylor stores affected are all in our area. Three of the five top Saks stores affected are in the Tri-State Area as well, Rozner reported. To read Gemini Advisory's full analysis of the breach, CLICK HERE.
If you are affected, Hudson's Bay Co. said you won't be held responsible for fraudulent purchases. Online transactions are not believed to be part of the breach, Rosner reported.
