Hudsons Bay Brands Hacked, 5 Million Credit Card Accounts Stolen

The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.

An infamous cybercrime group hacked and purloined some 5 million credit card numbers from Hudsons Bay brands Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor in a massive retail data breach disclosed over the weekend.
In a Sunday advertisement on the Dark Web, 125,000 of the stolen credit card accounts were offered for sale on the Dark Web. The breach was first disclosed in
a blog post
by security analysts at Gemini Advisory, revealing that the entire network of Lord & Taylor stores, 83 Saks Fifth Avenue stores, and an unknown number of Saks Off Fifth stores were compromised by malware that breached the point-of-sale system in each location.
The length of the breach says a lot about the methodology, says Mounir Hahad, head of Juniper Threat Labs at Juniper Networks. He explains that the breach, which Gemini Advisory says occurred from May 2017 until the time of the announcement, is characteristic of an attack that compromises the PoS and captures credit-card transaction data and metadata, exfiltrating the data over time.
This long-term compromise of the PoS system is also a characteristic of the Carbanak cybercrime gang aka JokerStash aka FIN7, based on their previous attacks. Its the same cybercrime gang behind breaches at Whole Foods, Chipotle, and Jasons Deli (among other hospitality companies), and typically employs the long-lasting data skim method.

With thousands of devices spread across hundreds of stores, it can be very difficult for retailers to secure their entire networks. All it takes is for one point-of-sale device or router to be left un-patched for an entire company to be compromised, Peter Martini, president and co-founder of iboss, said in a statement.
While no details have been released on precisely how many PoS terminals were compromised, Gemini Advisory says that the majority of credit cards affected were used in New York and New Jersey stores. And some experts see that limited geography as a tool in figuring out how long the attack has been in operation.
While locale-specific attacks like these arent uncommon, the volume of records is a bit larger than usual, which could be a lead to how long the infection was present before detection, says Terry Ray, CTO of Imperva.
According to Ray, multiplying known factors such as number of locations, average number of customers per day, and number of customers using credit cards lead to the conclusion that this malware infection could have been present for as many as 500 days.
Faster Response
The duration of the attack is something that a number of analysts have targeted as an example of an area of enterprise security that organizations should work to improve.
People need to understand that breaches will happen. Its flawed to think that a prevention system alone will be so strong that you never have to deal with detection inside the network, says Junipers Hahad. He says that deficiencies in detection can lead to the worst sort of situation for a company, in which a third party recognizes and alerts you to the existence of a compromise.
Announcement of the breach comes on the heels of the announced
arrest of the gangs leader
in Spain. While some in law enforcement had hope that the arrest of the yet-unnamed individual might lead to a pause or slowdown in the Carbanak groups activity, the advertised sale of credit card numbers would seem to indicate just the opposite.
In a statement posted online, Saks Fifth Avenue says that the owners of any credit card numbers impacted by the breach will be notified and offered free credit reporting services.
Related Content:
A Look at Cybercrimes Banal Nature
Visa: EMV Cards Drove 70% Decline in Fraud
Russian Hackers Sentenced in Heartland Payment Systems Breach Case
8 Security Spring Cleaning Tips for the Home Office
Join Dark Reading LIVE for an intensive Security Pro Summit at Interop IT X and learn from the industry’s most knowledgeable IT security experts. Check out the agenda
here
.Register with Promo Code DR200 and save $200.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Hudsons Bay Brands Hacked, 5 Million Credit Card Accounts Stolen