Saks Fifth Avenue and Lord & Taylor were both affected by a security breach that compromised the personal information of shoppers, parent company Hudson's Bay Co. announced Sunday.
Hudson's Bay said it has "taken steps to contain" the breach, but did not say when it started or give any additional details on the information stolen. The breach appears to have just affected in-store shoppers, the company said, and customers will not be on the hook for any fraudulent charges.
Hudson's Bay made the announcement after Gemini Advisory LLC, a New York-based security firm, shared on its blog that Saks Fifth Avenue and Lord & Taylor had been hacked by JokerStash. JokerStash sells stolen data online, and Gemini Chief Technology Officer Dmitry Chorine told Reuters the group claimed on Wednesday it would release more than five million stolen credit card numbers. Already, Chorine said, they've released about 125,000 cards, mostly from Hudson's Bay.