According to Gemini Advisory on March 28th, 2018 a hacking syndicate called ‘JokerStash’ announced the sale of over five million debit and credit card numbers. They are also reporting that based on discussions with financial organizations that these card numbers were stolen from Saks Fifth Avenue and Lord & Taylor stores.
Other key points:
- Data was stolen from May 2017 until present
- Affects all Lord & Taylor stores and 83 Saks Fifth Avenue stores
- 125,000 records are currently on sale in the black market currently, this is expected to increase
- Seems only payment data was stolen, no social security or drivers license numbers are currently thought to be stolen
- You can read Hudson Company (owners of Saks/Lord & Taylor) official statement here
I’ve long said that the penalties for companies that have data breaches are not in line with the damage that is done to individual consumers when their data is breached. Because of these low penalties breaches are all too common and seem to be increasing in frequency. If you are affected then you should be contacted by Saks/Lord & Taylor in the coming days and offered free identity protection services as well as free credit monitoring. I suspect that individual card issuers will also be automatically reissuing any and all cards that have been used at affected locations. If you think you have been affected by this breach, I’d recommend reading this post and following the suggested course of action (it was originally written due to the Equifax breach but it’s equally relevant now).
