Apparently, FIN7 hackers are behind the breach. The same group was behind the targeting of Trump Hotels.
The Hudson’s Bay-owned Lord & Taylor and Saks Fifth Avenue department stores have suffered a massive data breach in which the data of 5 million customer payment cards has been stolen and made available for sale on the dark web.
FIN7 hacks The Hudson’s Bay’s subsidiaries
The data breach was identified by Gemini Advisory, a threat analysis and dark web research company. According to their findings, the hackers behind this breach belong to the JokerStash hacking syndicate, also known as FIN7, which is known for carrying out sophisticated phishing scams.
The researchers who saw the data being sold on the dark web noted that it contains payment card data from May 2017 to the present. There is, however, no indication that driver’s license numbers, Social Security or Social Insurance numbers, or PINs have been affected by this issue.
“Based on the analysis of records that are currently available, it appears that all Lord & Taylor and 83 US-based Saks Fifth Avenue locations have been compromised. In addition, we identified three potentially compromised stores located in Ontario, Canada. However, the majority of stolen credit cards were obtained from New York and New Jersey locations.”
FIN7 hackers are calling it BIGBADABOOM – 2. Stolen records (125,000 for Saks Fifth Avenue and 90,000 for Lord & Taylor) are being sold, and it is a matter of time before the whole cache goes up for sale. It is noteworthy that the same group has been behind other high-profile breaches, including Trump Hotels, Omni Hotels, Whole Foods and Chipotle.
“This incident shows once again merchants still need to protect themselves against POS system infiltration attacks targeting cardholder data. A multi-layer security strategy is necessary. Retailers must start by segmenting their POS networks, using next-gen firewalls to block data exfiltration and implement constant monitoring and endpoint threat detection,” said Mark Cline, VP at Netsurion. “If nothing else, dwell time of such an attack would be reduced to hours or days. After all, the report is that this attack has persisted for almost a year, just as we have seen in previous massive card breaches.”
Your identity on the Dark Web is worth a few dollars
It is not surprising that FIN7 hackers are selling the stolen The Hudson’s Bay data on the Dark Web. Last week, research revealed that hackers have access to a massive trove of user data, although much of it is of little monetary value, including Facebook accounts that are sold for only $5.20, while a Gmail ID is worth just $1.
However, the challenge for The Hudson’s Bay customers is that once data is on the Internet, it is always on the Internet. Therefore, the company has to be ready to deal with the difficulties coming its way. At the time of publishing this article, the company is investigating the issue and plans to offer free identity protection services, including credit and web monitoring.