Article content continued

“On March 28, we saw a significant spike of stolen credit cards offered for sale on one of the marketplaces,” said Chorine.

“When we checked, we saw there was an advertisement stating that more than five-million credit and debit cards will be offered for sale, and that’s when we decided to research this particular breach.”

The data that Chorine and his team found was being offered on a dark web marketplace operated by a hacking group called JokerStash, which Chorine says has been active in hacking retail and hospitality companies for the past three years.

Gemini Advisory said Sunday that it had found data that had been stolen from as early as March 2017, and as late as March 2018.

He said that only certain Saks Fifth Avenue locations were affected because the outlet was in the process of switching from card-swipe technology to EMV chip technology, which is already commonly used in Canada.

Stores that had already implemented chip machines would likely not be exposed to the data breach, Chorine said.

Chorine urged any consumers who had shopped at Saks Fifth Avenue or Lord & Taylor stores in the past year to take preventative measures against fraud.

“They should probably call their banks and replace their cards,” said Chorine. “That would probably be the best preventative action they could take, instead of just waiting.”

There’s no indication that Hudson’s Bay, Home Outfitters, HBC Europe or the company’s online sales platforms have been affected, according to the company’s statement.

It’s not the first time Hudson’s Bay has run into trouble over data protection. The company published thousands of customers’ personal information — including email addresses and phone numbers — last year. In that instance, payment data was not exposed, a spokeswoman said at the time.

Bloomberg.com

With files from The Canadian Press