Threat Intelligence: Saks Fifth Ave Data Breach

Data breaches in the U.S is increasing by each year (BNA). Phishing, ransomware, malware and skimming attacks are the most common leading causes of data breaches. Data breaches are set to increase at a higher rate in the upcoming year of 2019. A popular data breach hit Saks Fifth Avenue and Lord & Taylor stores in May 2017. Hackers stole credit card information from millions of shoppers. The hackers claimed that they had five million credit and debit card numbers from Saks and Taylor customers and employees. Hackers proceeded to sell these debit and credit card numbers on the dark web. The hackers sold about 125,000 cards that have been used at Saks and Lord and Taylor(McMillan). The group behind the hackers is either JokerStash or Fin 7. Due to similar breaches around the May 2017 timeframe, JokerStash released card information in small quantities to the dark web to stay under the radar. JokerStash was able to compromise these consumers due to a phishing attack that was successful. The attack went on for a year before JokerStash went public. During that time frame, many consumers information was compromised and used. After the attack, Saks Fifth Ave and Lord & Taylor offered their consumers free identity theft protection services, credit monitoring and lastly paid for their fraudulent charges.

The Saks Fifth Ave and Lord & Taylor breach compromised millions of consumer data. 148 million U.S. consumers had there personal information stolen including their social security numbers and drivers license. This breach took place due to improper training. The actors JokerStash was a criminal group phishing for money. Therefore he sent out phishing emails to Saks Fifth Ave and Lord & Taylor employees and was successful once they fell for it. JokerStash was more focused on the financial recognition, they were obtaining debit and credit card information in order to make a profit on the dark web. They were also fixated on the enjoyment aspect. They often boasted on the dark web about stealing consumer data. The unwanted outcome was JokerStash stealing 5 million credit and debit card user information. JokerStash compromised Saks Fifth Ave and Lord & Taylor’s integrity and confidentiality. They were no longer a trusted store. They held onto consumer data that they could not keep. Customers are now concerned that their data may potentially be compromised again.

JokerStash vulnerability aspect was sending out a successful phishing email in order to hack their system. Once JokerStash hacked their system, they were selling consumer information until early 2018. Saks Fifth Ave and Lord & Taylor had no clue that their organization had been compromised. The consequences of not having proper training for the attack caused Saks and Taylor’s integrity to decrease and led to millions of consumer data being compromised. Saks and Taylor had to spend millions of dollars in order to provide consumers with proper identification reconciliation repair. In order to control another matter like this happening again, it is important to implement phishing and email mock testing training in order to combat phishing emails. Threat actors will exploit a vulnerability to cause an impact on any organization. It is very important to be mindful of actors and to keep your organization up to speed on combating threats.

?