<div dir="ltr"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><a href="https://www.wsj.com/articles/saks-lord-taylor-hit-with-data-breach-1522598460">https://www.wsj.com/articles/saks-lord-taylor-hit-with-data-breach-1522598460</a></div><div dir="ltr"><br></div><div dir="ltr"><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word;color:rgb(51,51,51);font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Hackers breached the payment systems of Saks Fifth Avenue and Lord & Taylor department stores and stole credit card information for millions of shoppers, the latest in a series of intrusions that have exposed security gaps in corporate networks.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word;color:rgb(51,51,51);font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Hackers claim they have five million credit card and debit card numbers from the stores and have been releasing them for sale on the “dark web,” a network of websites used by hackers and others to anonymously share information, according to<span> </span><a href="https://geminiadvisory.io/fin7-syndicate-hacks-saks-fifth-avenue-and-lord-taylor" target="_blank" class="gmail-icon gmail-none" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:0% 0%/30px 30px no-repeat transparent;color:rgb(0,128,195);text-decoration:none;outline:none">Gemini Advisory LLC, a New York-based cybersecurity firm</a>. The hackers began stealing the card numbers in May 2017, the firm estimates.</p><div class="gmail-paywall" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:10px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;color:rgb(51,51,51);font-family:Arial,Helvetica,sans-serif;font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:left;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">A spokesman for<span> </span><a href="http://quotes.wsj.com/CA/XTSE/HBC" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:transparent;color:rgb(0,128,195);text-decoration:none;outline:none">Hudson’s Bay</a><span> </span><span class="gmail-company-name-type" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent">Co.</span><span> </span><a href="http://quotes.wsj.com/CA/XTSE/HBC?mod=chiclets" class="gmail-media-object-chiclet gmail-up" style="margin:0px 5px 0px 3px;padding:0px 0px 1px;font-size:13px;vertical-align:baseline;background:transparent;color:rgb(51,51,51);text-decoration:none;outline:none;font-family:Retina,"Whitney SSm";line-height:27px;font-weight:300;font-style:normal;letter-spacing:0.05em;border-bottom:1px solid rgb(0,159,143);white-space:nowrap">HBC<span> </span><span style="margin:0px;padding:0px;border:0px;outline:0px;font-size:13px;font-weight:500;font-style:normal;vertical-align:baseline;background:transparent;display:inline-block">3.60%</span><span> </span></a>of Canada, which owns the two chains, confirmed a security breach involving customer payment card data at its Saks Fifth Avenue, Saks Off 5th and Lord & Taylor chains in North America.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">He said an investigation is ongoing and didn’t say how many accounts were exposed. At this point, the company doesn’t believe Social Security or driver’s license numbers have been compromised and said it would notify any affected customers once it has completed its investigation.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">“We have identified the issue, and have taken steps to contain it,” the spokesman said, adding that the company is coordinating with law enforcement. Customers will be offered free identity protection services, including credit monitoring, and won’t be liable for fraudulent charges, he said.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">The retailer said there was no indication at this time that the breach affected its e-commerce operations, or other store brands it owns, including the Hudson’s Bay department-store chain in Canada or Galeria Kaufhof in Germany.</p><div id="gmail-realtor" class="gmail-wsj-body-ad-placement" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:10px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent"><div class="gmail-wsj-body-ad" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:10px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;text-align:center;display:flex;clear:left"><div class="gmail-wsj-responsive-ad-wrap gmail-wsj-ad-article-body" id="gmail-wsj-body-AD_RE" style="margin:0px 0px 30px;padding:0px;border:0px;outline:0px;font-size:10px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;min-height:1px;clear:left"></div></div></div><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">So far, 125,000 cards that had been used at Saks or Lord & Taylor have been released for sale by the hackers, according to Gemini Advisory. Some were cards that were used by card owners as recently as last month in one of the affected stores, according to Dmitry Chorine, Gemini Advisory’s chief technology officer.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">The group behind the hack is known as JokerStash Syndicate or Fin 7. It appears to have penetrated the retailers’ point of sale systems, Mr. Chorine said.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">After previous breaches the JokerStash group has released credit-card data in smaller batches, to avoid flooding the market for illegally obtained payment credentials, Mr. Chorine said.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">The incident is the latest in a string of hacks that have compromised consumer data. Nearly 148 million U.S. consumers had personal information stolen, including parts of their driver’s license,<span> </span><a href="https://www.wsj.com/articles/weve-been-breached-inside-the-equifax-hack-1505693318" class="gmail-icon gmail-none" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:0% 0%/30px 30px no-repeat transparent;color:rgb(0,128,195);text-decoration:none;outline:none">as part of a breach last year at Equifax Inc.</a>, a credit-rating firm. In 2013, more than 40 million people had their name, address or phone number taken in a<span> </span><a href="http://quotes.wsj.com/TGT" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:transparent;color:rgb(0,128,195);text-decoration:none;outline:none">Target</a><span class="gmail-company-name-type" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent">Corp.</span><span> </span>breach.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">On Friday,<span> </span><a href="http://quotes.wsj.com/UAA" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:transparent;color:rgb(0,128,195);text-decoration:none;outline:none">Under Armour</a><span> </span><span class="gmail-company-name-type" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent">Inc.</span><span> </span>disclosed that someone illegally accessed data from its MyFitnessPal fitness-tracking app in late February,<span> </span><a href="https://www.wsj.com/articles/under-armour-discloses-breach-affecting-150-million-myfitnesspal-app-users-1522362412" class="gmail-icon gmail-none" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:0% 0%/30px 30px no-repeat transparent;color:rgb(0,128,195);text-decoration:none;outline:none">affecting some 150 million users</a>. Personal data such as emails, usernames and passwords were exposed, but credit-card information and driver’s license numbers weren’t compromised, the athletic-wear company said. Under Armour said it has enlisted data-security firms and law enforcement to investigate the scope of the breach.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">JokerStash has been linked to a series of breaches, dating back years,<span> </span><a href="https://www.wsj.com/articles/whole-foods-data-breach-affected-about-100-taprooms-restaurants-1508526726" class="gmail-icon gmail-none" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:0% 0%/30px 30px no-repeat transparent;color:rgb(0,128,195);text-decoration:none;outline:none">including break-ins at Whole Foods</a><span> </span>Market,<span> </span><a href="http://quotes.wsj.com/CMG" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:transparent;color:rgb(0,128,195);text-decoration:none;outline:none">Chipotle Mexican Grill</a><span> </span><span class="gmail-company-name-type" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent">Inc.,</span><span> </span><a href="https://www.wsj.com/articles/omni-hotels-warns-of-data-breach-1468010853" class="gmail-icon gmail-none" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:0% 0%/30px 30px no-repeat transparent;color:rgb(0,128,195);text-decoration:none;outline:none">Omni Hotels & Resorts</a><span> </span>and Trump Hotels, according to Gemini Advisory.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">To make their systems more secure, retailers have been switching to a new form of payment called EMV, for Europay Mastercard and Visa, which uses a computer chip in the card to authenticate transactions.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">Hudson’s Bay said all Saks Fifth Avenue and Saks Off 5th stores had EMV systems installed by the fall of 2016, while Lord & Taylor stores were equipped with the system by February 2017.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">The breach is the latest challenge for Hudson’s Bay, which acquired Lord & Taylor in 2012 and Saks in 2013. Like other department store operators, it has been struggling with slowing or declining sales as shoppers buy more online, shift their preferences to specialty stores and spend more of their budgets on travel and entertainment.</p><div id="gmail-unruly" class="gmail-wsj-body-ad-placement" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:10px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent"><div class="gmail-wsj-body-ad" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:10px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;text-align:center;display:flex;clear:left"><div class="gmail-wsj-responsive-ad-wrap gmail-wsj-ad-article-body" id="gmail-wsj-body-AD_G3" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:10px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;min-height:1px;clear:left"></div></div></div><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">In addition, Hudson’s Bay has had to contend with an activist investor and a recent CEO switch. In February, the company<span> </span><a href="https://www.wsj.com/articles/saks-owner-to-hire-cvs-veteran-as-next-ceo-1517849378" class="gmail-icon gmail-none" style="margin:0px;padding:0px;font-size:17px;vertical-align:baseline;background:0% 0%/30px 30px no-repeat transparent;color:rgb(0,128,195);text-decoration:none;outline:none">hired CVS Health Inc. executive Helena Foulkes as chief executive</a>, filling a position that was vacated last fall.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">Last week, the company reported mixed results for its latest quarter, with same-store sales rising at Saks but falling at its department-store group and off-price division. Ms. Foulkes told analysts that “everything is on the table” when it comes to fixing the business. “There are no sacred cows,” she said on a conference call.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">For the 12 months ended Feb. 3, the company reported a loss of 581 million Canadian dollars ($450 million) and total sales that were little changed at C$14.4 billion.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">Activist shareholder Land & Buildings Investment Management LLC has been urging the company to sell divisions and make better use of its real estate, including its flagship Saks Fifth Avenue store in Manhattan. In January, it sent a letter to Hudson’s Bay’s shareholders saying the company should consider going private.</p><p style="margin:0px 0px 17px;padding:0px;border:0px;outline:0px;font-size:17px;font-weight:400;font-style:normal;vertical-align:baseline;background:transparent;font-family:Exchange,"Chronicle SSm",serif;line-height:27px;word-wrap:break-word">Last year, Hudson’s Bay agreed to sell its Lord & Taylor flagship store in Manhattan for $850 million to a group that includes WeWork Cos, the office-sharing startup. The company has been slimming down its workforce, as part of an effort to save $350 million annually.</p></div><br><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span style="font-size:10pt"></span></b><span style="font-size:10pt"></span><span style="font-family:arial,helvetica,sans-serif"></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>