A notorious hacking syndicate has stolen data from over 5 million Saks Fifth Avenue and Lord & Taylor payment card customers.

In a blog article posted Sunday, cybersecurity and intelligence company, Gemini Advisory, confirmed that card data from more than 5 million customers had been stolen from luxury department stores Saks Fifth Avenue and Lord & Taylor.

According to the firm’s report, a certain JokerStash hacking syndicate known as Fin7 announced on March 28th the “release for sale” of the massive data haul containing hacked credit and debit card information.

Upon further investigation and in cooperation with different financial organizations, Gemini was able to confirm with a “high degree of confidence” that the stolen records were of Saks and Lord & Taylor’s shopping customers.

“On March 28, 2018, a notorious hacking JokerStash syndicate, also known as Fin7 announced the latest breach of yet another major corporation, with more than five million stolen payment cards offered for sale on the dark web,” Gemini reported.

“Several large financial institutions have confirmed that all tested records had been used before at Saks Fifth Avenue, Saks Fifth Avenue OFF 5TH, a discounted offset brand of luxury Saks Fifth Avenue stores, as well as Lord & Taylor stores.”

In a statement released by Hudson’s Bay Company, the Canada-based retail business group which operates both the luxury department stores, they confirmed that the hacking incident had occurred.

“We recently became aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America. We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores,” the company wrote.

“While the investigation is ongoing, there is no indication that this affects our e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe. We deeply regret any inconvenience or concern this may cause.”

This incident is considered one of the most costly data breaches in the history of the retail industry. It should be noted that Target also suffered from the same ordeal when around 40 million of its customers’ card information was stolen back in 2013.

Read More: Under Armour Hacked, 150 Million MyFitnessPal Accounts Compromised

The incident shows just how difficult it is to keep credit/debit card transaction systems secured despite multiple layers of security.

According to HBC, once they receive further information about the data breach, they will immediately get in touch with affected clients and will offer them free identity protection services including credit card and web monitoring.

To date, around 35,000 records from Saks Fifth Avenue and 90,000 from Lord & Taylor are offered for sale.

HBC is encouraging customers and patrons of the two retail stores to review their account statements and get in touch with their issuing banks quickly if they notice unknown activities or suspicious transactions in their account.

What do you think is the best way to secure credit or debit card payment information?

banner ad to seo services page