Information from a set of more than five million credit and debit cards used by shoppers at Saks Fifth Avenue and Lord & Taylor stores has been posted for sale on the dark web by hackers.
The hacker syndicate believed to be responsible goes by 'Fin7,' according to Gemini Advisory, the cybersecurity firm that first announced the breach of the retailers owned by Canadian retail business group Hudson's Bay Company (HBC) on Sunday.
The 'attack is amongst the biggest and most damaging to ever hit retail companies,' according to the firm.
The firm said approximately 125,000 records have been released for sale on the dark web as of Sunday, with the rest anticipated to be made available for purchase within months.
'HBC has identified the issue, and has taken steps to contain it,' the company said on Sunday.
The company did not reveal how the hackers were able to gain access to its payment data.
'Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,' HBC said.
Gemini Advisory determined that data was breached dating back to May 2017.
The firm said the hacking syndicate, which also goes by JokerStash, has called the batch of stolen data 'BIGBADABOOM-2.'
Of the records already released for sale, it's believed that approximately 35,000 records came from Saks Fifth Avenue and 90,000 records came from Lord & Taylor stores.
'Based on the analysis of records that are currently available, it appears that all Lord & Taylor and 83 US based Saks Fifth Avenue locations have been compromised,' Gemini Advisory said.
'In addition, we identified three potentially compromised stores located in Ontario, Canada. However, the majority of stolen