This story was delivered to BI Intelligence "Payments Briefing" subscribers hours before appearing on Business Insider. To be the first to know, please click here.

Department stores Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor — all of which are owned by The Hudson’s Bay Company — were hit with a data breach at several locations in North America, compromising more than 5 million credit and debit cards, according to The New York Times.

The stolen card numbers are thought to have come from stores mostly in New York and New Jersey from May 2017 to March 2018, and there’s no indication that card information used on the stores' websites was stolen. The criminals — who put 125,000 compromised cards’ information for sale on the dark web — most likely implanted software into the stores' point-of-sale (POS) systems, which they could have gained access to through phishing emails.

Breaches like this can heavily influence consumers' spending habits, at the expense of retailers and issuers.

They can lead consumers further away from spending in-store. This breach is another indication that large retailers struggle to ensure the security of their payment systems. Target suffered a breach that compromised 40 million cards in 2013, and Home Depot had 56 million card numbers stolen in 2014. Department stores are already in a compromised position given consumers’ continually shifting preference toward e-commerce, which has caused many companies to downsize or go out of business: Lord & Taylor is selling its iconic flagship store, and Toys "R" Us just announced that it's shuttering all of its stores. In-store fraud at the POS is a huge setback that can further prevent consumers from shopping at brick-and-mortar locations. It's therefore imperative for these retailers to encrypt customer payment information to prevent these breaches from happening.

This breach is another indication that large retailers struggle to ensure the security of their payment systems. Target suffered a breach that compromised 40 million cards in 2013, and Home Depot had 56 million card numbers stolen in 2014. Department stores are already in a compromised position given consumers’ continually shifting preference toward e-commerce, which has caused many companies to downsize or go out of business: Lord & Taylor is selling its iconic flagship store, and Toys "R" Us just announced that it's shuttering all of its stores. In-store fraud at the POS is a huge setback that can further prevent consumers from shopping at brick-and-mortar locations. It's therefore imperative for these retailers to encrypt customer payment information to prevent these breaches from happening. Breaches can also lead some consumers away from card usage in general. The abundance of credit and debit card fraud may leave some consumers more inclined to use cash. A record-high 16.7 million US adults were victims of identity fraud in 2017, marking an 8% increase from the year before. That’s left some consumers wary of electronic payment methods — 22% of consumers surveyed prefer to pay in cash because of fears about identity theft or credit card fraud, according to a study by the NBD Group. Firms should continue to invest in fraud prevention solutions and address consumers' concerns, or they'll risk experiencing a breach and losing business.

Business Insider Intelligence, Business Insider’s premium research service, has put together a detailed report on the data breach threat, who and what companies need to protect themselves from, and how they can most effectively do so from a technological and organizational perspective.

Here are some key takeaways from the report:

The breach threat isn’t going anywhere. The number of overall breaches isn’t consistent — it soared from 2013 to 2016, but ticked down slightly last year — but hackers might be becoming better at obtaining more records with less work, which magnifies risk.

The majority of breaches come from the outside, and leverage software and hardware attacks, like malware, web app attacks, point-of-service (POS) intrusion, and card skimmers.

Firms need to build a strong front door to prevent as many breaches as possible, but they also need to develop institutional knowledge to detect a breach quickly, and plan for how to resolve and respond to it in order to limit damage — both financial and subjective — as effectively as possible.

In full, the report:

Explains the scope of the breach threat, by industry and year, and identifies the top attacks.

Identifies leading perpetrators and causes of breaches.

Addresses strategies to cope with the threat in three key areas: prevention, detection, and resolution and response.

Issues recommendations from both a technological and organizational perspective in each of these categories so that companies can avoid the fallout that a data breach can bring.