ColumnistsApr 23, 2024
The Smart Lab: Advanced Email Marketing Strategies for Mother’s DayEmmanuel Raheb recommends digging into demographic data, customizing your store’s communications, and retargeting ahead of May 12.
MajorsApr 03, 2018
Saks, Lord & Taylor the Latest Hit by Hackers
They reportedly gained access to the retailers’ cash register systems to steal payment card data from more than 5 million customers.
Hudson’s Bay Company announced Sunday that hackers had gained access to the debit and credit card numbers of customers at two of its retailers--Lord &Taylor and Saks.
New York--Saks Fifth Avenue and sister retailer Lord & Taylor just joined the long list of large companies that have been hacked.
On Sunday, parent company Hudson’s Bay Co. issued a short statement confirming that it had become aware of a “data security issue” involving the credit and debit card numbers of customers who shopped at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America.
While the investigation is ongoing, HBC said it doesn’t appear the breach impacted customers who shopped at any of its other stores or online, including on Gilt.com.
“The company deeply regrets any inconvenience or concern this might cause,” the statement reads. “Once the company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”
HBC did not release any specifics about the number of consumers or location of stores impacted, but in a blog post also published Sunday, Gemini Advisory pinned the attack on a cybercrime syndicate known as JokerStash or Fin7.
The cybersecurity research firm said Fin7 announced March 28 it would be releasing for sale more than 5 million stolen debit and credit card numbers on the dark web, and already has put about 125,000 out there.
Fin7 didn’t say where it obtained the numbers, but Gemini said it confirmed with a “high degree of confidence” that the numbers came from Saks Fifth Avenue and Lord & Taylor. It estimated the breach occurred between May 2017 and now, impacting all Lord & Taylor and 83 Saks stores mainly in New York and New Jersey.
The research firm said it is “among the most significant credit card heists in modern history.”
A spokesperson for HBC declined to comment on Gemini’s statement.
Cybercrime is a growing problem for retailers, including retail jewelers.
In its recently released annual crime report for 2017, the Jewelers Security Alliance noted a “large dollar increase” in thefts by deception and impersonation made possible by the internet, with the average loss from this type of incident topping $1 million.
JSA President John J. Kennedy called it a “dangerous and growing crime trend” for the industry.
On Monday, he offered a number of cybersecurity tips for retailers. Some, he noted, might involve hiring an IT consulting firm.
Kennedy said retailers need to have proper firewalls and up-to-date anti-malware software for all systems, and they need to avoid visiting “questionable and risky sites.”
Jewelers
also need to educate their staff on the common mistakes made that let hackers in.
Kennedy said one of the main methods cybercriminals employ is social engineering, in which they use various methods to win the trust of the company’s employees in order to gain unauthorized access to its IT system.
(The New York Times reported this is what was used by the hackers who targeted Saks and Lord & Taylor. The credit and debit card numbers were stolen via software implanted into the stores’ cash register systems that, most likely, was installed through phishing emails sent to HBC employees.)
He said staff need to be told, or reminded, not to open or click into unknown or suspicious emails.
They also need to be aware that emails can be spoofs—which use the exact email address of known individuals—or come from someone who has obtained an email address that is very similar to, but not exactly the same as, a known party’s address. They need to look for foreign domains, misspellings and other anomalies in emails.
When a transaction is involved, Kennedy recommends calling the person on the phone to confirm that it is not a fraud.
He also recommends having a written cybersecurity policy employees have to read and sign, and having regular staff meetings that include reviews of the company’s cybersecurity protocols.
Kennedy said one of the main methods cybercriminals employ is social engineering, in which they use various methods to win the trust of the company’s employees in order to gain unauthorized access to its IT system.
(The New York Times reported this is what was used by the hackers who targeted Saks and Lord & Taylor. The credit and debit card numbers were stolen via software implanted into the stores’ cash register systems that, most likely, was installed through phishing emails sent to HBC employees.)
He said staff need to be told, or reminded, not to open or click into unknown or suspicious emails.
They also need to be aware that emails can be spoofs—which use the exact email address of known individuals—or come from someone who has obtained an email address that is very similar to, but not exactly the same as, a known party’s address. They need to look for foreign domains, misspellings and other anomalies in emails.
When a transaction is involved, Kennedy recommends calling the person on the phone to confirm that it is not a fraud.
He also recommends having a written cybersecurity policy employees have to read and sign, and having regular staff meetings that include reviews of the company’s cybersecurity protocols.
More on Majors
The Latest
IndependentsApr 23, 2024
Hannoush Jewelers Opens New Store in New York Located in the town of Queensbury, it features a dedicated bridal section and a Gabriel & Co. store-in-store.
SourcingApr 23, 2024
Rio Tinto’s Q1 Production Drops Amid Pause to Honor Lost Colleagues The mining company’s Diavik Diamond Mine lost four employees in a plane crash in January.
Brought to you by
The Blueprint for Success in Scalable, Personalized Jewelry RetailWith Ho Brothers, you can unlock your brand's true potential and offer customers the personalized jewelry experiences they desire.
SourcingApr 23, 2024
Lucapa Sells 3 Diamonds for $10.5M in First Lulo Tender of 2024A 203-carat diamond from the alluvial mine in Angola achieved the highest price.
Weekly QuizApr 19, 2024
This Week’s QuizTest your jewelry news knowledge by answering these seven questions.
GradingApr 23, 2024
GIA Has a New Book About William RuserRuser was known for his figural jewelry with freshwater pearls and for his celebrity clientele.
CollectionsApr 22, 2024
Jacquie Aiche’s New Campaign Stars Adam Levine, Behati PrinslooThe “Rebel Heart” campaign embodies rebellion, romance, and sensuality, the brand said.
Brought to you by
How Jewelers of America Represents Your BusinessFor over 30 years, JA has advocated for the industry, fought against harmful legislation and backed measures that help jewelry businesses.
EditorsApr 22, 2024
The 22 Best Quotes from AGS Conclave 2024 Editor-in-Chief Michelle Graff shares the standout moments from the education sessions she attended in Austin last week.
SourcingApr 22, 2024
Virtual Diamond Boutique Rebrands as ‘VDB’The overhaul includes a new logo and enhanced digital marketplace.
CollectionsApr 19, 2024
Piece of the Week: Retrouvaí’s Treasure NecklaceA new addition to the “Heirloom” collection, this one-of-a-kind piece features 32 custom-cut gemstones.
CrimeApr 19, 2024
Grand Jury to Hear Case Against Jeweler Charged in Fatal Shove Following IJO ShowLast month in Dallas, David Walton pushed another jeweler, David Ettinger, who later died.
GradingApr 19, 2024
AGS Ideal Report Now Available in Printed FormFrom now through mid-May, GIA will be offering the reports at a 50 percent discount.
SourcingApr 18, 2024
Diamond Trade Remains Cautious Amid Economic UncertaintyDe Beers’ rough diamond sales were down 18 percent year-over-year in its latest round of sales.
Supplier BulletinApr 18, 2024
Discover History’s Hidden Gems at the Las Vegas Antique Jewelry & Watch ShowSponsored by the Las Vegas Antique Jewelry & Watch Show
WatchesApr 18, 2024
Watch E-tailer Collectability Hires Kelly YochThe Patek Philippe expert will serve as personal curator for the brand-focused company.
WatchesApr 18, 2024
TAG Heuer Opens Its Largest Standalone Boutique at SeaThe 553-square-foot shop is aboard the Carnival Jubilee cruise ship.
Policies & IssuesApr 17, 2024
NDC Prevails in U.K. Case Over Lab-Grown Diamond AdvertisingNDC filed a complaint against Skydiamond for use of phrases like “diamonds made entirely from the sky.”
Events & AwardsApr 17, 2024
And the 2024 Winner of the Shipley Award Is … John Carter received the AGS’s highest honor Tuesday afternoon at Conclave in Austin, Texas.
FinancialsApr 17, 2024
LVMH’s Q1 Jewelry Sales Fall 5%LVMH said the company performed well despite an uncertain geopolitical and economic environment.
MajorsApr 17, 2024
Stuller’s B&D Opens New HeadquartersB&D Sales and Service held a ribbon-cutting event for its new location in Cranston, Rhode Island.
CollectionsApr 16, 2024
Akaila Reid Launches ‘Eat Cake’ CollectionIt’s ultra-feminine and filled with gold, pearls, and soft pastels.
MajorsApr 16, 2024
Loudr Adds 2 DirectorsEmily Highet Morgan and Emily Bennett have joined the agency’s team.
MajorsApr 16, 2024
Stuller Releases First Lab-Grown Diamond Jewelry CatalogIts updated book for mountings is also now available.
SourcingApr 16, 2024
Karen Rentmeesters Takes Over as Interim CEO of AWDCShe has been with the organization since 2010, most recently serving as its chief officer of PR and industry relations.
TechnologyApr 15, 2024
Judge Rules Jeweler’s Lawsuit Against PNC Bank Can Move ForwardJoyce’s Jewelry sued the bank after cybercriminals drained its accounts of nearly $1.6 million through a series of wire transfers.
IndependentsApr 15, 2024
Alfred W. DeScenza of DeScenza Diamonds Dies at 95He is remembered by loved ones for his loyalty, integrity, and kindness.
