Retailers have become a profitable target for cyber fraudsters, with U.S. leading upscale department store Saks Fifth Avenue and sister brand Lord & Taylor joining the list of businesses affected.

Parent group Hudson’s Bay Co. said earlier this week that customer payment card information may have been stolen from shoppers at certain Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor stores in North America.

“Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” the retail group said in a public statement. The retailer also guaranteed that those customers affected by the breach will not be liable for fraudulent charges.

Saks Fifth Avenue and Lord & Taylor working to help customers recover from data breach

In the meantime, Hudson Bay is “working rapidly with leading data security investigators to get customers the information they need, and the investigation is ongoing.” The company is working closely with law enforcement authorities and the payment card companies to investigate the magnitude of the attack.

Cybersecurity firm Gemini Advisory LLC calculates that credit and other personal information was stolen from 83 Saks Fifth Avenue or Saks Off Fifth stores, and from all Lord & Taylor locations. According to this report, approximately 125,000 of the five million records compromised would have been released for sale on the ‘dark web’.

“Although at this moment it is close to impossible to ascertain the exact window of compromise, the preliminary analysis suggests that criminals were stealing the information between May 2017 to present,” Gemini Advisory further explained.

Five million records thought to have been compromised during cyberattack

Thus, continues Gemini Advisory, available data suggests that five million credit card and debit card numbers had been compromised in the breach.

A spokesperson for the specialised consulting firm highlighted that most of the stolen credit cards appear to have been obtained from stores in the New York City metropolitan area and other Northeast U.S. states.

IT security experts point out that this data breach closely resembles past retail breaches that have targeted the point-of-sale systems used by companies such as Target and Neiman Marcus. In late 2017 Forever 21 revealed being the target of a data breach , warning customers who shopped in the chain’s stores from March 2017 through October 2017 might have been victims of personal information theft.

Data breach affecting millions of customers draws mortal blow to ailing Hudson’s Bay’s business

The breach comes days after Hudson’s Bay reported weak same-store sales. The Toronto-based conglomerate is struggling to turn around its declining business, having recently cut over 2,000 jobs and hired a new chief executive.

In late March the retailer reported fourth-quarter earnings that missed analysts’ estimates, and its shares fell as much as 5.9 percent before ending the day up about 1.1 percent, recalls Bloomberg.

Image:Elie Saab for Saks Fifth Avenue, Saks Fifth Avenue Official Web