Cybercriminals have obtained more than five million credit & debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor. The data was stolen using software that was implanted into the cash register systems at the stores. The investigation continues, but its e-commerce platform appears to not have been affected by the breach. However, the company has not stated how may customer accounts or stores were affected by the attack. This theft is one of the largest known breaches of a retailer and demonstrates how hard it is to secure credit-card transaction systems.
It was found that a group of Russian-speaking hackers known as Fin7 or JokerStash posted online that it had obtained a cache of five million stolen card numbers. Fin7 did not state where the numbers had been obtained. It is unclear how the malware was installed in the stores checkout systems, but it was stated that it was most likely from phishing emails.
Click here for the link.
Russian hacks have particularly grown in the last 2 years and this is quite alarming for sure. Good news is that the main financial platform i.e. the e-commerce seems to be unaffected and this could probably be an indication that customer data would not have been stolen. There is a serious need to have more strict regulations with respect to such attacks and to equip retail companies, which are particulate high-transaction systems, with anti-cyber attack systems.