Five million stolen credit and debit cards were offered for sale starting March 28 by the JokerStash hacking syndicate known as Fin7. Information security training experts believe they likely came from records stolen from Saks Fifth Avenue and Lord & Taylor customers between 2017 and their release last month.
The data breach was identified by Gemini Advisory, a threat analysis and dark web research company.
“Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised” and the majority of cards were “obtained from New York and New Jersey locations,” according to a Gemini advisory, which said around 125,000 records were for sale with the remainder of the cache, advertised on the dark web as BIGBADABOOM-2, expected to roll out in the coming months.
The information security training advisers at Gemini expressed confidence that the victims of the attack are Saks Fifth Avenue, its discount outlet Saks Fifth Avenue OFF 5TH, and Lord & Taylor stores, all operated by Hudson’s Bay Company (HBC), a Canadian firm.
Fin7 has successfully hacked hotel chains like Trump Hotels and Omni Hotels & Resorts, as well as retailers like Whole Foods, Jason’s Deli and Chipotle. The group last year also launched spear phishing campaigns targeting Securities and Exchange Commission (SEC) filings using a fileless attack framework.
“This incident shows again merchants need to protect themselves against POS system infiltration attacks targeting cardholder data. A multi-layer security strategy is necessary,” including segmenting POS networks and upping monitoring and threat detection capabilities, information security training researcher Mark Cline, VP at Netsurion, said. “If nothing else, dwell time of such an attack would be reduced to hours or days. This attack has persisted for almost a year, just as we have seen in previous massive card breaches.”
It is not surprising that Fin7 hackers are selling the stolen Hudson’s Bay data on the dark web. Last week, an information security training researcher revealed that hackers have access to a massive trove of user data, although much of it is of little monetary value, including Facebook accounts that are sold for only $5.20, while a Gmail ID is worth just $1.