On April 1, 2018, Lord & Taylor and Saks Fifth Avenue publicly announced a data breach of over 5 million card-carrying shoppers at their stores. Compromised cash registers infected with software gave hackers access to credit card numbers and other financial information of customers. Only card information from customers shopping in physical retail stores has been affected; online shopping platforms experienced no such hack attack. So what happened in this attack and how does it compare with other data breaches in recent years? Let’s take a look:
Overview
Of the 5 million credit card numbers obtained, 125,000 were put up for sale on the deep web. The hackers are a Russian group known as Fin7 or JokerStash, and they refused to tell from where they obtained these records. However, researchers teamed up with banking institutions in an effort to determine the common origin of the attacks – Lord & Taylor and Saks stores, mainly in New Jersey and New York. These attacks went on unknowingly for almost a full year: May 2017 to March 2018. In response to the data breach, the Hudson’s Bay Company, which owns the two retail chains, said in a statement that they, “will offer affected customers free identity protection services, including credit and web monitoring.”
Exposing security threats
This is not the first time a major retailer has been hit with a data breach; in 2013, Target was hit, affecting 40 million card holders. In 2014, Home Depot was victim to a data breach, affecting 56 million cards. Finally, in 2017, Equifax reported a breach of their systems that affected 145.5 million Americans. All this just goes to show the difficulties in keeping credit card transaction systems and the info they retain secure.
What can you do?
If you happen to be one of the 5 million customers affected by this data breach – or any data breach, for that matter – there are steps you can take to protect your financial information. First, you would do well to change your login credentials for accounts associated with the company. You should also actively monitor your account activity, as fraud is not often immediate following a data breach. Finally, you may choose to set up either a fraud alert or freeze your credit all together in order to deter criminal activity in your name.
Data breaches can be scary for both consumers and the businesses they affect. Regardless of if your financial data has been compromised, you should continually monitor your account activity and report any suspicious activity to your bank or other financial institution immediately. If you would like to inquire about best IT security practices in the wake of a data breach, contact M&H Consulting at 1-(866)-964-8324 or visit our website at http://www.mhconsults.com.
Categorised in: data breach, data management, disaster recovery, hacking, in the news, Security