No payment data was exposed, but only email addresses, product codes for items customers wanted to buy, IPs and some phone numbers were exposed, the retailer said. Some email addresses and phone numbers were associated with work accounts of JP Morgan employees and government staff, according to Hot for Security blog.
The breach occurred due to weak encryption and because the company kept customer data info in plain text on their servers. It seems the company had no overall encryption and security strategy, but chose to encrypt only certain pages, making it easy for an intruder in the local network to steal unencrypted information, the blog continued.
After Canadian Hudson’s Bay Company, the owner of Saks Fifth Avenue, was informed about the breach, the corrupt pages were taken offline.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now