Old Habits Die Hard – Saks Fifth Avenue Recovers from Massive Cyber-Attack


Trevor Reschke, Head of Threat Intelligence

Luxury retailer Saks Fifth Avenue confirmed recently that it was the victim of a cyber-attack resulting in the loss of millions of personal records and financial information. Hackers allegedly stole the personal financial information of more than five million customers who visited the stores from May 2017, according to security firm Gemini Advisory, with approximately 125,000 of these records put up for immediate sale on the dark web.


The breach, which also hit Lord and Taylor stores and Saks Off Fifth stores, was described by experts at Gemini Advisory as “among the biggest and most damaging ever to hit retail companies.” In response, Saks Fifth Avenue has said that all of its US retail chains have been compromised, with the majority of stolen credit card information coming from its stores in New York and New Jersey. 


Following the news, the Fin7 hacking group bragged it had compromised the Saks IT systems, with infected sales terminals believed to be the entry point to gathering and pilfering the records, which included card numbers and expiration dates. 


POS Attack Methods 


While the scale of this attack puts it among the biggest to have hit retail companies in recent years (although not in the same league as the one that affected Target back in 2013, where some 80 million records were compromised), the method of attack probably comes as less of a surprise. 


Point-of-sale (POS) attacks have been a dime a dozen over the years, to the point where the market view was that attackers were moving away from such methods to more targeted, lucrative attacks, including CEO-targeted fraud and bank transfer scams.


Indeed, a recent Trustwave report indicates that retail-focused attacks involving POS systems had decreased by more than a third to 20 percent of all attacks, with this attributed to increased attack sophistication and the targeting of larger service providers and franchise head offices (rather than smaller high-volume targets). 


But old habits die hard for cyber-criminals. Coming shortly after Tim Hortons restaurants in Canada were hit with a similar attack, the Saks breach is simply the latest attack to use malware-infected cash registers to collect and siphon off card numbers as they are read from the cards (and thus, before these details are encrypted).


As Gemini Advisory noted, because Saks tends to attract higher-income customers, the pilfered bank cards could be particularly valuable to fraudsters looking to use these cards while remaining undetected. 


Wake-up Call for the Retail Industry 


This attack should be a wake-up call to retailers operating older POS systems that are not secure. Like any computer, a POS is vulnerable if it is not regularly updated and maintained. The only difference between a POS and any other computer in a company’s infrastructure is that its primary function is to handle valuable financial information, the loss of which can lead to litigation and irreparable brand damage, while (of course) defrauded customers pay the price.


Trusted Knight’s Protector POS is designed to tackle precisely this issue. If you would like advice on POS security, please get in touch.   
