
Major Retailers Hit Hard by Breaches in 2018

ScoreSense

  • July 13, 2018

Major retailers have grabbed the lion’s share of data breach headlines in the first half of 2018. Macy’s, Adidas, Saks Fifth Avenue, Lord & Taylor, Kmart, Sears and Under Armour all suffered breaches in which the personal data of their customers was hacked or exposed.

Here’s a look at notable security breaches thus far:

MACY’S – JULY 9

Macy’s has sent letters to customers warning them that a cyber threat targeted customers’ online account information for nearly two months.

On June 11, Macy’s cyber threat alert tools uncovered the attack on macys.com and bloomingdales.com customer accounts and blocked the compromised profiles. Hackers were able to access customers’ names, addresses, phone numbers, email addresses, birthdays, and credit or debit card numbers with expiration dates.

Macy’s officials said the suspicious activity took place from April 26 to June 12. A third party obtained valid usernames and passwords through websites not related to macys.com or bloomingdales.com and used them to gain access to customers’ accounts.

The pilfered information did not include social security numbers or the CVV security numbers that appear on the backs of credit cards, officials said.

ADIDAS – JUNE 26

Adidas alerted “a few million” customers who made purchases on its U.S. website about a potential data breach where hackers were suspected of accessing their personal information.

The athletic apparel company became aware on June 26 of a “potential data security incident” involving “an unauthorized party [who] claims to have acquired limited data associated with certain Adidas consumers.” Company officials are taking steps to gauge the scope of the breach by working with data security firms and law enforcement.

The data includes contact information, usernames and encrypted passwords.

“Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted,” the Germany-based company said.

KMART, SEARS and BEST BUY – APRIL 4

Hundreds of thousands of online shoppers of Kmart, Sears and Best Buy may have had their personal information stolen in a security breach of [24]7.ai, a provider of customer service chat software.

The business process outsourcing company informed the affected companies in mid-March that it had discovered a hack that potentially affected online customer payment information of a small number of its clients, even if they did not use the chat feature.

In addition to stolen credit card information, hackers may have accessed names and other important personally identifiable information.

In an April 4 press release, [24]7.ai said, “The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”

Sears and Best Buy announced that their data had been affected in the hack.

On its website, Best Buy informed customers, “[24]7.ai has indicated that customer payment information may have been compromised during that time and, if that were the case, then a number of Best Buy customers would have had their payment information compromised, as well.”

The electronics retailer said it had notified law enforcement and, in working with [24]7.ai, determined that a small fraction of its overall online customer population could have been affected, whether or not they used the chat function.

Sears Holdings, which includes Sears and Kmart, said in a statement on their website that they “believe this incident involved unauthorized access to less than 100,000 of our customers’ credit card information.”

“We immediately notified the credit card companies to prevent potential fraud, and launched a thorough investigation with federal law enforcement authorities, our banking partners, and IT security firms,” a Sears official said. “Customers using a Sears-branded credit card were not impacted. In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.”

SAKS FIFTH AVENUE AND LORD & TAYLOR – APRIL 1

Saks Fifth Avenue and Lord & Taylor confirmed on April 1 that hackers had breached their payment systems, stealing the card information of more than 5 million customers. Saks company officials said in a press release, “We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores. While the investigation is ongoing, there is no indication that this affects our e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters or HBC Europe.”

Hackers claim they have credit card and debit card numbers from Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor stores in North America. They may have been releasing the pilfered information for sale on black market websites since May 2017, according to the New York-based cybersecurity firm Gemini Advisory LLC.

Gemini Advisory said a JokerStash syndicate, also known as Fin7, announced on March 28 that more than 5 million stolen payment cards were being offered for sale on the dark web, which is used by hackers and others to anonymously trade and sell stolen information. As of April 1, about 125,000 records have been released for sale, but it is expected that all stolen payment information will be available on the dark web in the coming months. JokerStash has had other successful high-profile breaches, including Whole Foods, Chipotle, Omni Hotels & Resorts and Trump Hotels.

Saks officials stated that based on their investigation, there is no indication that social security or social insurance numbers, driver’s license numbers or PINs have been affected by the exploited security gap. Officials said customers will not be liable for fraudulent charges that may result from the breach, and encouraged consumers to review their account statements and contact their card issuers immediately if they find activity or transactions they do not recognize.

UNDER ARMOUR – MARCH 29

In late March, Under Armour notified about 150 million users that their personal information was stolen in a February 2018 security breach of MyFitnessPal, its food and nutrition app. Personal data such as email addresses, usernames and passwords were exposed, but credit card information and driver’s license numbers weren’t compromised, according to the company.

Officials said the MyFitnessPal team discovered the data security issue on March 25 when they found that an “unauthorized party acquired data associated with MyFitnessPal user accounts.” MyFitnessPal is an app that assists in the tracking of diet and exercise routines.

Under Armour, the Baltimore-based athletic and fitness apparel company, said their “investigation indicates that the affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.”

“The affected data did not include government-issued identifiers (such as social security numbers and driver’s license numbers), which the company does not collect from users,” officials said. “Payment card data was also not affected because it is collected and processed separately.”

The company took steps to alert MyFitnessPal users by notifying them through email and in-app messaging. The notice contains recommendations for users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.

The company’s investigation indicates that approximately 150 million user accounts were affected by the breach.

 
