Employee Phishing Likely To Blame For Saks, Lord & Taylor Breach

Experts say an employee phishing scam is likely to blame for the data breach affecting millions of Saks Fifth Avenue and Lord & Taylor payment cards.

Reports in The New York Times on Sunday (April 1) said experts believe a notorious ring of cybercriminals planted malware on the retailers’ point-of-sale (register) systems, allowing them to harvest card data for roughly a year before the intrusion was detected.

As Saks and Lord & Taylor owner The Hudson’s Bay Company works to contain and investigate the breach, analysts told the publication that it’s likely an email phishing scam allowed cybercriminals to infiltrate the retailers’ systems.

Gemini Advisory, which first identified the Saks data breach, said Hudson’s Bay employees were probably targeted by an email phishing scam: an employee receives an email carrying a malicious link, clicking it installs malware on a company system, and that foothold lets the attackers move through the network to reach sensitive data such as card records.

Separate reports by the Associated Press also pointed to an email phishing scam as the likely culprit. Gemini Co-Founder and Chief Technology Officer Dmitry Chorine told the publication that the phishing tactic was most likely the strategy used by cybercriminals that enabled them “to sit on the network of Lord & Taylor and Saks and steal data” for a year.

Hudson’s Bay disclosed the breach on Sunday and said an estimated 5 million cards were compromised. The Canadian company noted it has commenced an investigation.

“Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” the company said in a statement, though Reuters reports said the firm declined to confirm whether its network was secure or still compromised.

The card details first surfaced on JokerStash, a card-selling site run by a hacking group, which announced plans to release the data on 5 million credit and debit cards. Gemini Advisory brought attention to the planned sale, after which JokerStash immediately released about 250,000 of the records to buyers.

Phishing scams are on the rise, according to The Anti-Phishing Working Group, which published a report last year that found phishing attacks hit record levels in 2016.