Newsroom

Millions of shoppers' payment card information used at Saks and Lord & Taylor department stores was compromised in a recently confirmed data breach. The hackers, who reportedly began stealing card information in May 2017, claim they have 5 million credit and debit card numbers.

NAFCU continues to call on Congress to instate national data security standards – akin to those followed by credit unions – in an effort to curb future breaches.

This breach involves customer payment card data at Saks Fifth Avenue, Saks Off 5th and Lord & Taylor chains in North America. The parent company, Hudson Bay Co., does not yet know how many customers have been impacted but does not think Social Security or driver’s license numbers were compromised. Hudson said it will notify affected consumers once the investigation is complete.

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system.

Currently, NAFCU-sought draft legislation is being worked on by House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., and Rep. Carolyn Maloney, D-N.Y. The draft bill builds on provisions from the Data Security Act of 2015, which would have created a strong national data security standard for retailers, held them accountable for breaches on their end and recognized credit unions' compliance with the Gramm-Leach-Bliley Act.

NAFCU remains a leading advocate on this issue and is working to ensure that all entities that hold or collect consumers' personal financial information are held to similar standards as credit unions.