Security firm Gemini Advisory disclosed the breach, saying that while only 125,000 cards have been released so far, the hackers are advertising a total of five million payment card numbers lifted from stores mostly in NY and New Jersey, though they believe much of the retail network for all three stores was infected.
Fortunately, thee- shopping platforms of the duped retail chains and other stores, namely Hudson's Bay, GaleriaKaufhof, Home Outfitters, HBC Europe and Gilt.com have not come under the scanner.
Right now, the companies don't know whose data was affected, but they don't believe Social Security numbers or driver's license numbers were stolen.
The majority of the cards compromised in the theft belong to the customers that shopped in NY and New Jersey, the cybersecurity firm said, calling the heist "among the biggest and most damaging to ever hit retail companies".
The firm said in a blog post that the majority of stolen credit and debit cards were from stores in NY and New Jersey.
Gemini Advisory's analysis estimates that the HBC-owned stores were compromised somewhere around May 2017.
The firm found that three Canadian Saks locations were exposed to the breach: Sherway Gardens in Toronto, Bramalea City Centre in Brampton, Ont. and Pickering Town Centre in Pickering, Ont.
Kawhi Leonard returns to NY for rehab
Leonard showed up for a team picture on March 17 and the other San Antonio players held an impromptu meeting with him. He has only played in nine games after missing the first 27, and hasn't played since he was shut down in January.
Data breaches have become a commonplace risk for both customers and companies as hackers target corporations with weak cybersecurity.
Hackers said they have information on more than five million credit debit and credit card numbers from shoppers at the stores and have released them for sale through the "dark web, " a series of websites that hackers as well as others use to anonymously share that type of data.
Gemini Advisory has alleged that the cyber-attacker group known as JokerStash is behind the sale of the stolen payment cards.
Information from about 5 million credit and debit cards was compromised in the hack.
In the cybercrime world, it's "hacks of Fifth Avenue".
If you think you may have used your credit card at any of these chains between May 2017 and the end of March 2018, the first thing you need to do is not panic.
Sportswear company Under Armour admitted on Friday that hackers had broken into their system and stolen data from the MyFitnessPal fitness-tracking app, exposing information from 150 million users. "HBC encourages customers to review their account statements and contact their card issuers immediately if they identify activity or transactions they do not recognize".