EditorsNov 22, 2024
Out & About: Inside the CD Peacock MansionStep inside the nearly 21,000-square-foot suburban Chicago jewelry store with Editor-in-Chief Michelle Graff.
MajorsApr 03, 2018
Saks, Lord & Taylor the Latest Hit by Hackers
They reportedly gained access to the retailers’ cash register systems to steal payment card data from more than 5 million customers.
Hudson’s Bay Company announced Sunday that hackers had gained access to the debit and credit card numbers of customers at two of its retailers--Lord &Taylor and Saks.
New York--Saks Fifth Avenue and sister retailer Lord & Taylor just joined the long list of large companies that have been hacked.
On Sunday, parent company Hudson’s Bay Co. issued a short statement confirming that it had become aware of a “data security issue” involving the credit and debit card numbers of customers who shopped at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America.
While the investigation is ongoing, HBC said it doesn’t appear the breach impacted customers who shopped at any of its other stores or online, including on Gilt.com.
“The company deeply regrets any inconvenience or concern this might cause,” the statement reads. “Once the company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”
HBC did not release any specifics about the number of consumers or location of stores impacted, but in a blog post also published Sunday, Gemini Advisory pinned the attack on a cybercrime syndicate known as JokerStash or Fin7.
The cybersecurity research firm said Fin7 announced March 28 it would be releasing for sale more than 5 million stolen debit and credit card numbers on the dark web, and already has put about 125,000 out there.
Fin7 didn’t say where it obtained the numbers, but Gemini said it confirmed with a “high degree of confidence” that the numbers came from Saks Fifth Avenue and Lord & Taylor. It estimated the breach occurred between May 2017 and now, impacting all Lord & Taylor and 83 Saks stores mainly in New York and New Jersey.
The research firm said it is “among the most significant credit card heists in modern history.”
A spokesperson for HBC declined to comment on Gemini’s statement.
Cybercrime is a growing problem for retailers, including retail jewelers.
In its recently released annual crime report for 2017, the Jewelers Security Alliance noted a “large dollar increase” in thefts by deception and impersonation made possible by the internet, with the average loss from this type of incident topping $1 million.
JSA President John J. Kennedy called it a “dangerous and growing crime trend” for the industry.
On Monday, he offered a number of cybersecurity tips for retailers. Some, he noted, might involve hiring an IT consulting firm.
Kennedy said retailers need to have proper firewalls and up-to-date anti-malware software for all systems, and they need to avoid visiting “questionable and risky sites.”
Jewelers
also need to educate their staff on the common mistakes made that let hackers in.
Kennedy said one of the main methods cybercriminals employ is social engineering, in which they use various methods to win the trust of the company’s employees in order to gain unauthorized access to its IT system.
(The New York Times reported this is what was used by the hackers who targeted Saks and Lord & Taylor. The credit and debit card numbers were stolen via software implanted into the stores’ cash register systems that, most likely, was installed through phishing emails sent to HBC employees.)
He said staff need to be told, or reminded, not to open or click into unknown or suspicious emails.
They also need to be aware that emails can be spoofs—which use the exact email address of known individuals—or come from someone who has obtained an email address that is very similar to, but not exactly the same as, a known party’s address. They need to look for foreign domains, misspellings and other anomalies in emails.
When a transaction is involved, Kennedy recommends calling the person on the phone to confirm that it is not a fraud.
He also recommends having a written cybersecurity policy employees have to read and sign, and having regular staff meetings that include reviews of the company’s cybersecurity protocols.
Kennedy said one of the main methods cybercriminals employ is social engineering, in which they use various methods to win the trust of the company’s employees in order to gain unauthorized access to its IT system.
(The New York Times reported this is what was used by the hackers who targeted Saks and Lord & Taylor. The credit and debit card numbers were stolen via software implanted into the stores’ cash register systems that, most likely, was installed through phishing emails sent to HBC employees.)
He said staff need to be told, or reminded, not to open or click into unknown or suspicious emails.
They also need to be aware that emails can be spoofs—which use the exact email address of known individuals—or come from someone who has obtained an email address that is very similar to, but not exactly the same as, a known party’s address. They need to look for foreign domains, misspellings and other anomalies in emails.
When a transaction is involved, Kennedy recommends calling the person on the phone to confirm that it is not a fraud.
He also recommends having a written cybersecurity policy employees have to read and sign, and having regular staff meetings that include reviews of the company’s cybersecurity protocols.
More on Majors
The Latest
CollectionsNov 22, 2024
Piece of the Week: Xander Jane’s ‘Spiked’ Pearl StudsThese punk-inspired earrings from the new Canadian brand’s debut collection reveal the alter ego of the classic pearl.
SourcingNov 22, 2024
Facets of Fire Expands to Include Pear, Marquise DiamondsThe company brings its nanotechnology to two new fancy cuts for diamonds that feature its signature color and brilliance.
Brought to you by
Navigating Cybersecurity: Essential Guidance for JewelersFrom protecting customer data to safeguarding inventory records, it's crucial to learn how to tackle cybersecurity challenges.
Supplier BulletinNov 21, 2024
Tasha R Releases 2025 Labbelle Lab Diamond Jewelry CatalogSponsored by Tasha R
Weekly QuizNov 21, 2024
This Week’s QuizTest your jewelry news knowledge by answering these questions.
AuctionsNov 21, 2024
Gold Watch Gifted to Titanic Rescue Ship Captain Sells for $2MThree Titanic survivors presented him with the personalized Tiffany & Co. timepiece about a year after the tragedy.
CollectionsNov 21, 2024
Channel Elphaba in Muse’s ‘Have a Heart x Cynthia Erivo’ CollectionCynthia Erivo chose Dreams of Hope, an organization dedicated to empowering LGBTQA+ youth, as the charity for this year’s collection.
Brought to you by
Enhance Your Expertise with IGI’s In-Person Courses in NYCThis fall, sharpen your skills in jewelry grading, quality control and diamond assessment.
IndependentsNov 21, 2024
Mary Moses Kinney Is Now Part of The Edge’s Team Kinney, who spent nearly 30 years at IJO, has been hired to head Abbott Jewelry Systems’ new virtual marketplace.
CrimeNov 20, 2024
Sotheby’s to Pay $6.25M Settlement to NY State for Alleged Tax FraudThe auction house was accused of helping clients avoid paying taxes on millions of dollars’ worth of art purchased from 2010 to 2020.
Events & AwardsNov 20, 2024
Kering Debuts New Jewelry Award With Sustainability FocusThe four finalists will present their pieces at the 2025 JCK Las Vegas show.
CollectionsNov 20, 2024
Pamela Love Channels Surrealist Artists in New CollectionThe “Camera Oscura” collection showcases earring designs celebrating female Surrealist artists Claude Cahun and Leonor Fini.
Policies & IssuesNov 20, 2024
Columbia Gem House Raises $10K for Reforestation EffortsThe money will fund the planting of 10,000 trees in critical areas across Oregon, Arizona, Montana, and other regions.
Events & AwardsNov 20, 2024
The Jewelry Symposium Opens Registration, Scholarship ApplicationsThe event centered on advancing jewelry manufacturing technology will return to Detroit in May 2025.
CrimeNov 19, 2024
Woman Killed in Armed Robbery of Sacramento Jewelry StoreLocal reports identified the woman as the wife of the jewelry store owner.
AuctionsNov 19, 2024
‘A Tsar’s Treasure’ Fetches $2.9M at Sotheby’s Jewelry SaleA collection of pieces owned by Ferdinand I, the first king of modern Bulgaria, and his family, blew away estimates in Geneva last week.
MajorsNov 19, 2024
Trove Opens First US Flagship in NYCThe Australian jewelry box brand’s new West Village store will showcase new jewelers each month through its Designer in Residence program.
CollectionsNov 19, 2024
Snoop Dogg’s New Jewelry Collection Is All About Love“Lovechild” was created in partnership with Carolyn Rafaelian’s Metal Alchemist brand.
EditorsNov 18, 2024
Q&A: Helzberg CEO Brad Hampton on the Jeweler’s RebrandHampton discussed how Helzberg is improving the customer experience and why it was inspired by the company formerly known as Dunkin’ Donuts.
Policies & IssuesNov 18, 2024
Reciprocity Jewels Returns to NYC Jewelry WeekThe group will host several curated events and an exhibition of designer jewelry made with Peruvian gold traceable to the miners’ names.
CollectionsNov 18, 2024
Dolly Parton Shines in Collaboration with Kendra ScottThe collection honors the 50th anniversary of Dolly Parton’s “Love is Like a Butterfly” song, which shares a birth year with Kendra Scott.
Events & AwardsNov 18, 2024
IGI Jewelry Design Competition ReturnsThis year’s theme asks designers to take inspiration from classic fairy tales.
EditorsNov 15, 2024
Why Fine Jewelry Belongs at New York Comic ConSenior Editor Lenore Fedow makes the case for why more jewelers should be appealing to nerds at the annual event.
CollectionsNov 15, 2024
Marie Lichtenberg Battles Counterfeits with New ‘Raiz’in Scapular’ DesignsThe latest “Raiz’in” drop showcases a newly designed “Scapular” necklace and donates a portion of the proceeds to Make-A-Wish France.
WatchesNov 15, 2024
Piece of the Week: Citizen’s Commemorative Pocket WatchNo. 1 out of 100, the timepiece was created to mark Citizen’s 100th anniversary and will be auctioned off at Sotheby’s next month.
Recorded WebinarsNov 15, 2024
Watch: 10 Tips to Keep Your Jewelry Store Secure On the latest episode of “My Next Question,” two experts share best practices for store security during the holidays and year-round.
AuctionsNov 14, 2024
18th-Century Diamond Necklace Sells for Nearly $5M Sotheby’s sold the necklace, which potentially has ties to Marie-Antoinette, for $4.8 million to a woman bidding via phone.
