Claire Rosenzweig Tells CBS2: Change Passwords, Research Protection Plans And Watch Out For Phishing Emails

NEW YORK (CBSNewYork) — The retail world is still reeling following the news of the massive data breach that impacted high-end retailers.

According to a report by independent cyber security firm Gemini Advisory, at least 5 million credit and debit cards may have been compromised at Lord & Taylor, Saks Fifth Avenue and Saks Off Fifth stores all across the country. However, New York and New Jersey stores seem to be the most affected.

Hudson’s Bay Co., which owns all three stores, has posted information for consumers on its websites. As of Wednesday, impacted customers will be able to call 1-855-270-9187 Monday-Friday 9 a.m.-9 p.m. ET for more information.

Many shoppers, whether they were impacted by the breach or not, are obviously concerned.


CBS2’s Rozner has learned the data breach may have been prompted by a phishing email. Gemini Advisory claims hackers sent what are called phishing emails to HBC employees, who track customer transactions, and then accessed point-of-sale systems.

“So once the consumer swipes their credit card and it goes onto that computer, then a hacker’s able to take the information from there,” Noah Birnbaum, Vice President of FITECH Consultants, explained.

CBS2 asked the company if it installed software to prevent phishing, but has not heard back. HBC did say it “identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores.”

But some are wondering how a company with high-end consumers was able to go a year without knowing of the problem.

“Sometimes it can take a long time before you even realize you had a problem – months, even years sometimes,” said Vasant Dhar, who teaches data science at NYU. “With people with high spending activity, it just becomes so much harder. That might just pass through as just a legitimate activity.”

Dhar said companies need to start being proactive and treat customer data as first class.

“This is a CEO-level issue. It isn’t something that you slough off to your tech person and say, ‘hey, prevent these things from happening,’” he said. “Ultimately, it’s a CEO-level issue.”

So what can shoppers do in the meantime?

“Those credit cards and debit cards, change your passwords. Go to the credit monitoring organizations and see what they have, different levels of protection, anything from credit monitoring, credit alerts, credit freezing. See what’s right for you,” Claire Rosenzweig, the president of the Better Business Bureau of Metro New York, said.

“Watch out for phishing emails and phone calls that will try to get you to give up your personal information,” she added. “Never answer them. Go to the source. Find out if they were trying to get that information and give it only to them, and only after you have verified that they are the real thing.”

While there are services that can alert you to fraud, it’s incumbent upon you to check bank statements regularly.