The research firm that identified the Saks breach, Gemini Advisory, said on Sunday that a group of Russian-speaking hackers known as Fin7 or JokerStash posted online on Wednesday that it had obtained a cache of five million stolen card numbers, which the thieves called BIGBADABOOM-2. The hackers, who have also hit other retail chains, offered 125,000 of the records for immediate sale.
Fin7 did not disclose where the numbers had been obtained. But the researchers, working in conjunction with banks, analyzed a sample of the records and determined that the card numbers all seemed to have been used at Saks and Lord & Taylor stores, mostly in New York and New Jersey, from May 2017 to March 2018.
Although it’s unclear exactly how the malware was installed in the stores’ checkout systems, Gemini said it was most likely through phishing emails sent to Hudson’s Bay employees. In a phishing attack, hackers send seemingly legitimate emails to a company’s employees that encourage them to click on a link or attached file that secretly installs software on their computers, giving the attackers a back door into the systems.
The breach comes at a difficult time for Saks and Lord & Taylor, and retailers more generally.
Online shopping has cut deeply into the traditional brick-and-mortar retail industry, and department stores have been particularly slow to adapt to the new ways that people shop.
Chains that cater to a spectrum of income levels and affluence have seen their sales dwindle. The once-mighty Macy’s has closed stores and laid off thousands of employees. Neiman Marcus, a high-end brand, was at one point mulling a merger with Hudson’s Bay. And last year, Lord & Taylor, a jewel of luxury shopping in the Hudson’s Bay portfolio, sold its 676,000-square-foot flagship Manhattan location, the latest retail titan to acknowledge that much of its value now comes simply from the physical buildings where shoppers once flocked.
As digital forces reshape the retail industry, Hudson’s Bay executives have watched the company’s stock plummet in recent years. Comparable store sales — one important measure of performance — dropped 2.6 percent in its department stores group in the most recent quarter.
In October, Hudson’s Bay announced that its chief executive, Gerald L. Storch, would step down, a departure that shook up the top ranks just ahead of the crucial holiday shopping season. Helena Foulkes, a veteran of the pharmacy giant CVS Health Corporation, was appointed to the position in February.