Wheat Ridge, Colorado police took a 50-year-old man into custody Wednesday following a two-month search.
Saks, Lord & Taylor the Latest Hit by Hackers
They reportedly gained access to the retailers’ cash register systems to steal payment card data from more than 5 million customers.
New York--Saks Fifth Avenue and sister retailer Lord & Taylor just joined the long list of large companies that have been hacked.
On Sunday, parent company Hudson’s Bay Co. issued a short statement confirming that it had become aware of a “data security issue” involving the credit and debit card numbers of customers who shopped at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America.
While the investigation is ongoing, HBC said it doesn’t appear the breach impacted customers who shopped at any of its other stores or online, including on Gilt.com.
“The company deeply regrets any inconvenience or concern this might cause,” the statement reads. “Once the company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”
HBC did not release any specifics about the number of consumers or location of stores impacted, but in a blog post also published Sunday, Gemini Advisory pinned the attack on a cybercrime syndicate known as JokerStash or Fin7.
The cybersecurity research firm said Fin7 announced March 28 it would be releasing for sale more than 5 million stolen debit and credit card numbers on the dark web, and already has put about 125,000 out there.
Fin7 didn’t say where it obtained the numbers, but Gemini said it confirmed with a “high degree of confidence” that the numbers came from Saks Fifth Avenue and Lord & Taylor. It estimated the breach occurred between May 2017 and now, impacting all Lord & Taylor and 83 Saks stores mainly in New York and New Jersey.
The research firm said it is “among the most significant credit card heists in modern history.”
A spokesperson for HBC declined to comment on Gemini’s statement.
Cybercrime is a growing problem for retailers, including retail jewelers.
In its recently released annual crime report for 2017, the Jewelers Security Alliance noted a “large dollar increase” in thefts by deception and impersonation made possible by the internet, with the average loss from this type of incident topping $1 million.
JSA President John J. Kennedy called it a “dangerous and growing crime trend” for the industry.
On Monday, he offered a number of cybersecurity tips for retailers. Some, he noted, might involve hiring an IT consulting firm.
Kennedy said retailers need to have proper firewalls and up-to-date anti-malware software for all systems, and they need to avoid visiting “questionable and risky sites.”
Jewelers
Kennedy said one of the main methods cybercriminals employ is social engineering, in which they use various methods to win the trust of the company’s employees in order to gain unauthorized access to its IT system.
(The New York Times reported this is what was used by the hackers who targeted Saks and Lord & Taylor. The credit and debit card numbers were stolen via software implanted into the stores’ cash register systems that, most likely, was installed through phishing emails sent to HBC employees.)
He said staff need to be told, or reminded, not to open or click into unknown or suspicious emails.
They also need to be aware that emails can be spoofs—which use the exact email address of known individuals—or come from someone who has obtained an email address that is very similar to, but not exactly the same as, a known party’s address. They need to look for foreign domains, misspellings and other anomalies in emails.
When a transaction is involved, Kennedy recommends calling the person on the phone to confirm that it is not a fraud.
He also recommends having a written cybersecurity policy employees have to read and sign, and having regular staff meetings that include reviews of the company’s cybersecurity protocols.
The Latest
PGI partnered with four new and seven returning designers for its annual platinum capsule collection.
Karina Brez’s race-ready piece is a sophisticated nod to the horse-rider relationship.
Meet Ben Claus—grand prize winner of For the Love of Jewelers 2023 Fall Design Challenge.
The men are allegedly responsible for stealing millions in jewelry and other valuables in 43 burglaries in 25 towns across Massachusetts.
“Horizon” invites individuals to explore the limitless possibilities that lie ahead, said the brand.
The jeweler credits its recent “Be Love” campaign and ongoing brand revamp for its 17 percent jump in sales.
With Ho Brothers, you can unlock your brand's true potential and offer customers the personalized jewelry experiences they desire.
The co-founder of Lewis Jewelers was also the longtime mayor of the city of Moore.
Elvis Presley gifted this circa 1967 gold and diamond watch to Dodie Marshall, his co-star in “Easy Come, Easy Go.”
Concerns about rising prices, politics, and global conflicts continue to dampen consumer outlook.
May’s birthstone is beloved for its rich green hue and its versatility.
Jacqui Larsson joins Opsydia with nearly two decades of experience in the industry.
Last month in Dallas, David Walton pushed another jeweler, David Ettinger, who later died.
The “Tiffany Céleste” collection reimagines designer Jean Schlumberger’s interpretations of the universe.
Tim Schlick has been promoted from his previous position as COO.
It’s the second year for the event, slated to take place in October in Toronto.
Supplier Spotlight Sponsored by GIA
Sales will be paused while the relocation takes place over the next few months.
“SIS x MISA Denim and Diamonds” is a collaboration between the designer and celebrity stylist Misa Hylton.
The retailer is moving to a newly designed space in the same shopping center.
Gifts that are unique and thoughtful are top of mind this year, according to the annual survey.
The necklace is featured in the brand’s “Rebel Heart” campaign starring Adam Levine and Behati Prinsloo.
The two organizations will host a joint event, “Converge,” in September 2025.
Big changes appear to be on the horizon for the diamond miner and its parent company, Anglo American.
Padis succeeds Lisa Bridge, marking the first time the organization has had two women board presidents in a row.