Data Breaches Strike Saks, Lord & Taylor, and Under Armour

Press enter to search
Close search
Open Menu

Data Breaches Strike Saks, Lord & Taylor, and Under Armour

By Jamie Grill-Goodman - 04/02/2018

Hudson’s Bay has disclosed it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America. This comes just after news that retailer Under Armour suffered a data breach which affected an estimated 150 million users of its food and nutrition application, MyFitnessPal.

Saks and Lord & Taylor Data Breach

Hudson's Bay said the data security issue involved customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores. The company said it "took steps to contain" the breach and "believe it no longer poses a risk to customers" shopping at its stores, but did not confirm it had been successful in securing its network.

"Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring," the company said. 

According to a cybersecurity research firm, a ring of cyber criminals has obtained more than five million stolen payment cards and offered them for sale on the dark web.

UNDER ARMOUR DATA BREACH

Meanwhile, Under Armour announced approximately 150 million MyFitnessPal user accounts were affected during a recent data breach.

"On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018," the company revealed in a statement.

Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contained recommendations for account security steps. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.

The affected data did not include payment card data, as it is collected and processed separately. It also didn't include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users.