Security & Fraud

Saks Fifth Avenue Compromised Personal Data Of Customers

saks fifth avenue data breach

Tens of thousands of Saks Fifth Avenue shoppers had their personal information compromised and made publicly available online, BuzzFeed News reported.

The retailer’s online website is maintained by Hudson’s Bay Company, which exposed the email addresses, phone numbers and IP addresses of customers, along with the products’ codes of items customers were interested in purchasing.

The information was posted on unencrypted, plain text web pages.

BuzzFeed News reviewed the pages, which were only taken down after the news outlet reached out to Hudson’s Bay Company for comment on the report.

“We take this matter seriously,” a Hudson Bay Company spokesperson told BuzzFeed News. “We want to reassure our customers that no credit, payment or password information was ever exposed. The security of our customers is of utmost priority, and we are moving quickly and aggressively to resolve the situation, which is limited to a low single-digit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.”

It was also noted that Saks Fifth Avenue’s website also has some pages that are served over unencrypted connections, which leaves the information of shoppers vulnerable to hackers if they are browsing the site on an open Wi-Fi network.

“This is as bad as security gets,” Robert Graham, cybersecurity expert and the owner of Errata Security, told BuzzFeed News. “Everyone is vulnerable.”


Latest Insights: 

With an estimated 64 million connected cars on the road by year’s end, QSRs are scrambling to win consumer drive-time dollars via in-dash ordering capabilities, while automakers like Tesla are developing new retail-centric charging stations. The PYMNTS Commerce Connected Playbook explores how the connected car is putting $230 billion worth of connected car spend into overdrive.

Click to comment


To Top