Lord & Taylor, LLC is facing a proposed class action after announcing earlier this week that it experienced a security breach “involving customer payment card data” collected at Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor retail stores. As a result, the case alleges, millions of customers’ credit and debit card information – including names, card numbers, expiration dates, and internal verification codes – was stolen, exposing the individuals to a greater risk of identity theft.
The lawsuit claims the retailer ignored security standards and allowed its systems to be compromised by “cutting corners on security measures” instead of taking the necessary steps to ensure its customers’ private financial data was protected. The case argues the company had every opportunity to learn from data breaches experienced by other retailers and should have been prepared to prevent or at least mitigate hackers’ attempts to steal protected information.
Crime Syndicate Announces Sale of Stolen Information
On March 28, 2018, a criminal syndicate known as “JokerStash” reportedly posted an advertisement announcing the sale of “over five million stolen credit and debit cards.” Cybersecurity firm Gemini Advisory pinpointed the source of the stolen records as the defendant’s retail stores, noting that the information was most likely collected between May 2017 and late-March 2018.
Lord & Taylor’s Response
Lord & Taylor reportedly acknowledged the breach on April 1, 2018, informing customers that “they will not be liable for fraudulent charges that may result from this matter.” Notably, the case points out, the defendant never said it would itself compensate them for any damages they suffered. Instead, the retailer instructed its customers to monitor their accounts and notify their banks of any fraudulent activity.
Effect of the Breach on Lord & Taylor Customers
The case claims proposed class members – individuals who used their credit, debit, or prepaid debit cards at a Lord & Taylor store between May 2017 and March 2018 – are now forced to expend time and money monitoring their accounts, replacing credit/debit cards, and collecting reimbursement for fraudulent charges.
The lawsuit seeks to repay members of the proposed class for damages they suffered as a result of the defendant’s alleged misconduct.