JokerStash Syndicate Hacks Hudson’s Bay Credit Cards
Credit card numbers from an estimated five million Hudson’s Bay customers were stolen during an almost three -year long cyber security breach. The credit card number were compromised by hacking into the point-of-sale systems (cash registers) at over 100 Hudson Bay’s brand stores. Hudson’s Bay Company owns the retail chains Saks Fifth Avenue, Lord & Taylor, and Saks OFF 5TH brands. The cyber security breach only involves in-store purchases. Customers who shopped online via the brand websites are not believed to be affected.
The group believed responsible for the theft is a hacker group known as JokerStash. Credit card data was lifted from Saks Fifth Avenue, Lord & Taylor, and Saks Off 5th Avenue in-store sales dating from May 2017 to present day 2018.
Hackers typically steal credit card and personal information and then sell the data through various outlets including the dark web. Customers of high-end retail stores like Saks and Lord & Taylor in the tri-state are assumed to have high credit limits. Purchases of expensive items such as electronics, smartphones, and laptops could easily go undetected by security algorithms.
On 28 March 2018 JokerStash announced that the five million stolen credit and debit cards would be available for sale. According to Gemini Advisory, about 125,000 of those credit cards have been put up for sale on the dark web so far.
Hudson’s Bay is a Toronto, Canada based retail business group with origins in fur trading. Hudson’s Bay operates retail stores in Canada, the United States, and Europe.
JokerStash hacked credit cards from several other retailers besides Hudson’s Bay Company and is responsible for the Chipotle Mexican Grill hack and Trump hotels.
According to the Gemini Advisory report, most of the card numbers were hacked from New York and New Jersey stores.
Estimated Window of Compromise: May 2017 – Present
Top-5 Saks Fifth Avenue Compromised Locations:
Number of exposed retail stores: 83
- The Outlets at Bergen Town Center Paramus, NJ
- The Gallery at Westbury Garden City, NY
- King of Prussia King of Prussia, PA
- Bridgewater Bridgewater, NJ
- Braintree Braintree, MA
Number of Credit Cards for Sale: Approximately 35,000
Top-5 Lord & Taylor Compromised Locations:
Number of exposed retail stores: 51
- Fifth Avenue New York, NY
- Garden State Plaza Paramus, NJ
- Eastchester Scarsdale, NY
- Garden City Garden City, NY
- Freehold Raceway Mall Freehold, NJ
Number of Credit Cards for Sale: Approximatel90,000
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers