Top Shelf Retailers are Not Immune from Breaches
Attackers are not going to go through the effort of researching and conducting recon on a target, attempting various techniques to compromise the system, and exfiltrate valuable data. The risks are simply too much. If the person or group is caught, there are serious and significant repercussions. Saks Fifth Avenue and Lord & Taylor have discovered this the difficult way. The time frame for the data theft is not clear. This has been estimated as beginning in May 2017 to March 28th of this year. The retail entities were compromised by the JokerStash group, which is also known as Fin 7. Data The data exfiltrated consisted of payment card data from approximately 5M of their customers from the US and Canada.
In wasting no time, the group has begun to sell the data on the darkweb. A large batch of data of this size may have been difficult to sell to an individual, so this was divided into sections and has started the process of gradually selling this. The first batch was approximately 125k records. Fortunately, the records do not include other client sensitive information, i.e. social security numbers, driver license numbers, or other data which would have increased the data sales price along with the usability.
Methodology
With a breach of this size, seemingly there would be some form of a trail in one of the logs. The method for the breach is still unknown at this time. The likely manner the attackers were able to get into the system is a simple, yet effective phishing or spear phishing attack. With the lists of email addresses and the user's propensity to click on links or pictures. The breach however is still under investigation.
Advice for the Consumer
This actually could have been much worse for the consumer. If the other potential sensitive information were to have been exfiltrated, and subsequently sold on the dark web, the clients would be prime for identity theft over at least the next five + years. Although the consumers would not be liable for the fraudulent charges, the clients would still need to monitor their accounts for any of these charges so the retailer would be able to correct the issue. Also, the retailer is offering free identity protection services. As long as phishing attacks are as successful as these have been, the attacks will continue, and these issues will not slow down.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.