Hudson's Bay says Saks customer info was exposed online over the weekend

Owen Stevens
March 21, 2017

The personal information of tens of thousands of customers of Saks Fifth Avenue has been publicly available in plain text online, BuzzFeed News has learned. This include the email addresses of customers and the items codes for products that they had shown an interest in.

A Saks Fifth Avenue data breach has left customer information where it can be easily obtained. The pages were later taken down by HBC.

"We take this matter seriously", said a spokesman for Hudson's Bay.

The Canadian company also emphasised that it does have "teams dedicated to the security of our customers' data and follow industry best practices for information security". "We want to reassure our customers that no credit, payment, or password information was ever exposed", a HBC spokesperson told Global News via email.

The online shopping sites also use a mix of secure and non-secure pages, which can pose another vulnerability to shoppers.

According to a report by BuzzFeed, thousands of customers who signed up to be notified about certain products had their public information made accessible to all, via non-secure websites on the Saks main page.

It would not confirm how many people were affected, only that it was limited to a small percentage of customers' personal data. Robert Graham, the owner of Errata Security, said that this was "as bad as security gets" and that it means "everyone is vulnerable". "They should all be https links".

Other reports by VgToday

Discuss This Article

FOLLOW OUR NEWSPAPER