Security & Fraud

Saks Fifth Avenue Compromised Personal Data Of Customers

saks fifth avenue data breach

Tens of thousands of Saks Fifth Avenue shoppers had their personal information compromised and made publicly available online, BuzzFeed News reported.

The retailer’s online website is maintained by Hudson’s Bay Company, which exposed the email addresses, phone numbers and IP addresses of customers, along with the products’ codes of items customers were interested in purchasing.

The information was posted on unencrypted, plain text web pages.

BuzzFeed News reviewed the pages, which were only taken down after the news outlet reached out to Hudson’s Bay Company for comment on the report.

“We take this matter seriously,” a Hudson Bay Company spokesperson told BuzzFeed News. “We want to reassure our customers that no credit, payment or password information was ever exposed. The security of our customers is of utmost priority, and we are moving quickly and aggressively to resolve the situation, which is limited to a low single-digit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.”

It was also noted that Saks Fifth Avenue’s website also has some pages that are served over unencrypted connections, which leaves the information of shoppers vulnerable to hackers if they are browsing the site on an open Wi-Fi network.

“This is as bad as security gets,” Robert Graham, cybersecurity expert and the owner of Errata Security, told BuzzFeed News. “Everyone is vulnerable.”


Latest Insights: 

Facebook is a giant in the ad game, with 2.3 billion active monthly users and $16.6 billion in quarterly advertising revenue. However, its omnipresence makes it a honeypot for fraudsters. In this month’s Digital Fraud Report, PYMNTS talks with Rob Leathern, Facebook’s director of product management, on how the site deploys automated systems and thorough advertiser vetting to close the lid on fraudster attempts.

Click to comment


To Top