In April 2018, it was discovered that five million credit card holders may have had their information exposed after a data breach at Saks Fifth Avenue, Saks OFF 5th and Lord & Taylor stores in North America. It’s possible that customer data was at risk for approximately nine months before the issue was detected and dealt with.
It’s believed that, from July 2017 to March 2018, a group of hackers began selling the stolen information on the dark web under the name “BIGBADABOOM-2”. While the extent of its holdings remains unclear, about 125,000 records were immediately released for sale.
The exact number of customer accounts or stores affected by the breach is not known, only that it mainly originated from the New York Metropolitan area and other Northeast US states.
The owner of the retail chains, Hudson's Bay Co, said in a statement:
“The breach was caused by malware, a type of software inserted into its system to collect customer payment card information, including cardholder names, payment card numbers and expiration dates. The company wants to reassure affected customers that they will not be liable for fraudulent charges that may result from this matter.”
Eva Velasquez, president and CEO of the Identity Theft Resource Center, said it was “troubling” how long the data breach went undetected and that it may be a sign that hackers are getting more sophisticated and able to conceal their activities.
With organisations facing an increased risk of data breaches that could impact millions of consumers, it’s imperative that they continuously evaluate their networks and review the way they store sensitive customer information. The Payment Card Industry Data Security Standard (PCI-DSS) outlines that for companies to maintain the trust of their customers, they need to be taking relevant steps to secure any sensitive data.
Our omni-channel payment platform offers the highest level of PCI-DSS compliance throughout, ensuring our clients receive a safe and dependable solution for taking payments across a number of methods, including telephone, web and SMS. Card information isn’t processed or stored on the organisation’s network, dramatically reducing the impact if a data breach were to occur.
Chris Cairns, Head of IT at Key IVR, states:
“Our services run on an industry-leading platform, which is vigorously checked and monitored for suspicious activity, to ensure our clients have peace of mind that we will maintain their payment systems security. We monitor for any unauthorised access, malicious scripts or malware 24/7/365, ensuring immediate response if anything were to occur.”