Here we go again: A hacker group has stolen 5 million credit and debit card numbers, this time from certain Saks Fifth Avenue, Saks OFF 5th and Lord & Taylor stores. Online security firm Gemini Advisory, which detected the breach, says that hackers got the data by infiltrating the cash register systems at Lord & Taylor stores around the country, and from some Saks stores in New York and New Jersey.
The company that owns the retailers, Hudson’s Bay, acknowledged the breach but says its online shoppers were not at risk, and that there is no longer a risk to customers who are shopping in stores. The incident is one of the largest recent hacks, although it’s still smaller than those that affected Target, Home Depot and Equifax over the past few years.
The silver lining, if there is any, is that only credit and debit card numbers were stolen — not PINs or identifying information like a Social Security number or date of birth that cyber thieves could use to take out credit in your name.
Still, that may be cold comfort if you suspect you were one of the victims. Here’s what to do if you think your credit card may have been compromised.
MONITOR YOUR CARD ACTIVITY
If you’ve ever lost a credit card, you know that you should report it stolen immediately because letting the credit card company know before fraudulent charges are made means you won’t be held liable for them.
But it can take longer to detect theft when someone has just stolen your number, as is the case in the Saks data breach. So it’s a good idea to watch your account closely and report a fraudulent transaction as soon as you detect it. If you report fraudulent charges within two days, federal law states you can’t be held responsible for more than $50.
Here’s one bit of good news: Hudson’s Bay has already assured customers that they won’t be held liable for any fraudulent charges.
WATCH FOR PHISHING
Beware of scammers who may try to contact you and convince you they are legit because they know your debit or credit card number. They may use that detail to ask you for additional information, like a Social Security number or log-in ID. Typically a legitimate company won’t ask you for such sensitive data via email.
The company has stated it will provide free identity-protection services, such as credit monitoring, to those affected by the breach.
CONSIDER ADDITIONAL STEPS
While there’s no indication that anything other than card numbers were stolen in this case, it may be a good idea to take additional steps to improve your overall security. You may want to consider putting a fraud alert on your accounts or freezing your credit entirely — Hudson’s Bay has even said it will provide free identity-protection services, such as credit monitoring, to those affected by the breach.
If you haven’t yet, also make sure to sign up for online access to your financial accounts. Otherwise, someone else could pose as you, sign up and get access to your account details. When you do sign up, make sure you use strong passwords and two-factor authentication, if it’s offered — the harder you can make it to access your accounts, the better.