SurveysDec 04, 2024
In-Store Shopping Outpaced Online Over the Holiday Weekend, Says NRF A total of 126 million consumers shopped in stores over the five-day period, about 5 million more than last year.
MajorsApr 03, 2018
Saks, Lord & Taylor the Latest Hit by Hackers
They reportedly gained access to the retailers’ cash register systems to steal payment card data from more than 5 million customers.
Hudson’s Bay Company announced Sunday that hackers had gained access to the debit and credit card numbers of customers at two of its retailers--Lord &Taylor and Saks.
New York--Saks Fifth Avenue and sister retailer Lord & Taylor just joined the long list of large companies that have been hacked.
On Sunday, parent company Hudson’s Bay Co. issued a short statement confirming that it had become aware of a “data security issue” involving the credit and debit card numbers of customers who shopped at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America.
While the investigation is ongoing, HBC said it doesn’t appear the breach impacted customers who shopped at any of its other stores or online, including on Gilt.com.
“The company deeply regrets any inconvenience or concern this might cause,” the statement reads. “Once the company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”
HBC did not release any specifics about the number of consumers or location of stores impacted, but in a blog post also published Sunday, Gemini Advisory pinned the attack on a cybercrime syndicate known as JokerStash or Fin7.
The cybersecurity research firm said Fin7 announced March 28 it would be releasing for sale more than 5 million stolen debit and credit card numbers on the dark web, and already has put about 125,000 out there.
Fin7 didn’t say where it obtained the numbers, but Gemini said it confirmed with a “high degree of confidence” that the numbers came from Saks Fifth Avenue and Lord & Taylor. It estimated the breach occurred between May 2017 and now, impacting all Lord & Taylor and 83 Saks stores mainly in New York and New Jersey.
The research firm said it is “among the most significant credit card heists in modern history.”
A spokesperson for HBC declined to comment on Gemini’s statement.
Cybercrime is a growing problem for retailers, including retail jewelers.
In its recently released annual crime report for 2017, the Jewelers Security Alliance noted a “large dollar increase” in thefts by deception and impersonation made possible by the internet, with the average loss from this type of incident topping $1 million.
JSA President John J. Kennedy called it a “dangerous and growing crime trend” for the industry.
On Monday, he offered a number of cybersecurity tips for retailers. Some, he noted, might involve hiring an IT consulting firm.
Kennedy said retailers need to have proper firewalls and up-to-date anti-malware software for all systems, and they need to avoid visiting “questionable and risky sites.”
Jewelers
also need to educate their staff on the common mistakes made that let hackers in.
Kennedy said one of the main methods cybercriminals employ is social engineering, in which they use various methods to win the trust of the company’s employees in order to gain unauthorized access to its IT system.
(The New York Times reported this is what was used by the hackers who targeted Saks and Lord & Taylor. The credit and debit card numbers were stolen via software implanted into the stores’ cash register systems that, most likely, was installed through phishing emails sent to HBC employees.)
He said staff need to be told, or reminded, not to open or click into unknown or suspicious emails.
They also need to be aware that emails can be spoofs—which use the exact email address of known individuals—or come from someone who has obtained an email address that is very similar to, but not exactly the same as, a known party’s address. They need to look for foreign domains, misspellings and other anomalies in emails.
When a transaction is involved, Kennedy recommends calling the person on the phone to confirm that it is not a fraud.
He also recommends having a written cybersecurity policy employees have to read and sign, and having regular staff meetings that include reviews of the company’s cybersecurity protocols.
Kennedy said one of the main methods cybercriminals employ is social engineering, in which they use various methods to win the trust of the company’s employees in order to gain unauthorized access to its IT system.
(The New York Times reported this is what was used by the hackers who targeted Saks and Lord & Taylor. The credit and debit card numbers were stolen via software implanted into the stores’ cash register systems that, most likely, was installed through phishing emails sent to HBC employees.)
He said staff need to be told, or reminded, not to open or click into unknown or suspicious emails.
They also need to be aware that emails can be spoofs—which use the exact email address of known individuals—or come from someone who has obtained an email address that is very similar to, but not exactly the same as, a known party’s address. They need to look for foreign domains, misspellings and other anomalies in emails.
When a transaction is involved, Kennedy recommends calling the person on the phone to confirm that it is not a fraud.
He also recommends having a written cybersecurity policy employees have to read and sign, and having regular staff meetings that include reviews of the company’s cybersecurity protocols.
More on Majors
The Latest
Lab-GrownDec 04, 2024
GJEPC Says Indian Trade Will Use FTC-Approved Terminology for Lab-Grown DiamondsThe FTC’s Jewelry Guides require “clear and conspicuous” disclosure when advertising lab-grown diamonds.
SourcingDec 04, 2024
Designer Saul Fraiman Retires After 55 YearsThe fine jewelry designer, who came out of retirement in 2017, is putting down his sketchpad for good.
Brought to you by
Protecting Your Sparkle: Why Screening Has Become Essential While no reputable jeweler would knowingly sell lab-grown stones as natural, it's a growing possibility.
AuctionsDec 04, 2024
30-Carat Pink Diamond Fetches $2.6M at BonhamsThe Type IIa, very light pink colored diamond was the highlight of the recent Hong Kong jewelry auction.
Weekly QuizNov 26, 2024
This Week’s QuizTest your jewelry news knowledge by answering these questions.
CrimeDec 03, 2024
Man Sentenced to Life in Prison for Murder of Florida JewelerJohn Willard Craiger, 83, fatally shot jeweler Ghazi “Gus” Michel Osta following an argument in the store.
ColumnistsDec 03, 2024
Peter Smith: How a Leadership Hire Can Make or Break a CompanyIn his latest column, Smith provides a list of questions every business needs to be asking their next potential leader.
Brought to you by
Navigating Cybersecurity: Essential Guidance for JewelersFrom protecting customer data to safeguarding inventory records, it's crucial to learn how to tackle cybersecurity challenges.
SourcingDec 03, 2024
Gemstone Cutter Glenn Lehrer Dies at 71An innovative artist inspired by the natural world, Lehrer is remembered for being a visionary and a shining light.
WatchesDec 03, 2024
Jaeger-LeCoultre and Vacheron Constantin Appoint New CEOsJérôme Lambert returns as CEO of Jaeger-LeCoultre, while Laurent Perves takes the lead role at Vacheron Constantin.
IndependentsDec 02, 2024
Windsor Jewelry Closing After 105 YearsOwners Greg and Lynn Bires are heading into retirement.
GradingDec 02, 2024
Jewelry Appraiser Craig Lynch Dies at 70The industry veteran is remembered for his faith, his dedication to his family, his wealth of knowledge and his generosity in sharing it.
SurveysDec 02, 2024
10-Year Rewind: Comparing 2024 Holiday Shoppers With the Consumers of 2015PricewaterhouseCoopers’ 2024 holiday trends survey took a 10-year look back to see what mattered to consumers then versus now.
Lab-GrownDec 02, 2024
Lab-Grown Diamond Jewelry Set Sells for $55K at Charity AuctionMonique Lhuillier and Kay Jewelers collaborated to create the pieces, which were offered at the recent Baby2Baby gala.
Policies & IssuesNov 27, 2024
G7 Announces Botswana as Second Verification ‘Node’ for Rough DiamondsBotswana joins Antwerp as a certification center for rough under the G7 ban on Russian diamonds.
SourcingNov 27, 2024
Gemfields Reports 'Disappointing' High-Quality Emerald Auction ResultsThe miner said its November sale, which earned $16.1 million, felt the effect of competitive pricing by a rival Zambian producer.
CollectionsNov 27, 2024
Piece of the Week: Mignon Faget’s ‘Crescent Starry Night’ Tassel EarringsMignon Faget honors its hometown of New Orleans with a piece inspired by “The Crescent City.”
TechnologyNov 27, 2024
Nivoda Secures Additional Funding The London-based business-to-business diamond and gemstone marketplace just closed on a $51 million round of Series C funding.
SourcingNov 26, 2024
De Beers Stays With ‘A Diamond Is Forever’ for 2024 Holiday Campaign“Forever Present” highlights gifting opportunities for natural diamonds, celebrating familial, friendship, and romantic relationships.
AuctionsNov 26, 2024
Christie’s To Auction Collection of Suzanne Belperron JewelsIt’s one of the most impressive assemblages of the French designer’s pieces ever to come to auction, Christie’s said.
ColumnistsNov 26, 2024
The Smart Lab: 7 Strategies for Refining Your Holiday Email Marketing CampaignsSuccessful email marketing campaigns are all about timing, personalization, and compelling CTAs, Emmanuel Raheb writes.
MajorsNov 26, 2024
Ben Bridge Jeweler Unveils This Year’s ‘Benny Bear’ Look out for a black bear wearing a purple Santa hat and its zippered tummy pouch made for holding a holiday gift from Ben Bridge Jeweler.
SourcingNov 25, 2024
William Goldberg Celebrates 2 Major Milestones With New Book“The William Goldberg Way” was released in honor of the company’s 75th anniversary and 25 years of its proprietary Ashoka diamond.
Lab-GrownNov 25, 2024
Lab-Grown Co. Lusix Sold to 2 Companies for $4M Fenix and Dholakia Lab-Grown Diamonds have jointly acquired the Israel-based company, which grows diamonds using solar power.
IndependentsNov 25, 2024
Sophie Bille Brahe Opens First US StoreThe Danish brand has opened an appointment-only location on Madison Avenue in New York City.
Events & AwardsNov 25, 2024
The Original Miami Beach Antique Show Panel to Feature Fred SavageThe actor and watch enthusiast will be part of the show’s education lineup.
EditorsNov 22, 2024
Out & About: Inside the CD Peacock MansionStep inside the nearly 21,000-square-foot suburban Chicago jewelry store with Editor-in-Chief Michelle Graff.
