Notorious hacking collective JokerStash has been fingered for an attack that has compromised more than five million card numbers from customers of Saks Fifth Avenue and Lord & Taylor.
Toronto-based Hudson Bay, which owns both retail brands confirmed that it recently became aware of a "data security issue" which saw cards used in some North American stores compromised.
"We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring," says the firm.
According to cybersecurity outfit Gemini Advisory, hacking group JokerStash - also known as Fin7 - posted online last week that it was releasing the details of over five million credit and debit cards.
Gemini says that it has worked with several banks to confirm with a "high degree of confidence" that the data come from Saks and Lord & Taylor stores. The majority of stolen cards were obtained from New York and New Jersey sites between May 2017 and this March.
JokerStash has a string of successful high-profile breaches behind it, including against Whole Foods, Chipotle and Trump Hotels.