This week's Technology Today divulges the truth behind JokerStash and its most recent attack on beloved department stores.
Last week, JokerStash, also known as Fin7, released 125,000 of the 5 million debit and credit cards stolen from Hudson Bay Co. (HBC), on the dark web. The data was collected between May 2017 and March 28th, 2018. HBC 's compromised companies, Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor's Northeast stores, specifically, New York and New Jersey, were hit the hardest; as well as, Toronto, Pickering and Brampton in Canada. The stores with antiquated POS and security protocol, were the ones infiltrated.
The remaining credit and debit cards have been given the name BIGBADABOOM-2 and will be rolled out in the coming months.
JokerStash was also responsible for the hacks on Omni Hotels, Chipotle and Whole Foods. It has been a pattern of theirs to slowly sell stolen card data on the dark web, in order to skyrocket their sales potential and ward off bank investors, with whom are trying to triangulate the source of the breach.
HOW IS THIS HAPPENING?
How are these large companies being assailed, time and time again? The most common technique, is for hackers to send out phishing emails to decision makers, containing an attachment that usually appears to be an invoice. Once clicking on said document, the system is infected and mined for data. A system can be hacked for years on end. It comes to light once the hackers either sell the data they have stolen or ask the host to fulfill a ransom payment - usually in a cryptocurrency.
HBC has created security-response websites for their three attacked companies, Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor. They are urging customers to visit theses sites for more information and next-steps. They are also vouching that customers will receive FREE credit monitoring and other identity protection services once there is more clarity around the 'facts'. It is still uncertain whether the hacks have come to an end or not.
In a statement released by Hudson Bay, they noted that they, 'deeply regret any inconvenience or concern this may cause,' and that they have, 'taken steps to contain the hack'.
Did you find this blog informative? Are you scared to make purchases at any HBC stores, now? Does this anger you? Do you work on the corporate or retail side of one of the companies effected? Sound off below!
Until next time, Techies!