Hackers made off with a whopping 5 million credit and debit card numbers from Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor, placing it \u201camong the most significant credit card heists in modern history.\u201dParent company Canada-based Hudson\u2019s Bay Company announced the breach affecting the North American stores on Sunday, saying, \u201cHBC has identified the issue, and has taken steps to contain it.\u201dHBC disclosed the hack after cybersecurity firm Gemini Advisory revealed that the JokerStash hacking group, aka Fin7, claimed to have 5 million stolen payment card numbers the group intends to sell on the dark web. The group responsible for this hack was also reportedly responsible for hacking \u201cWhole Foods, Chipotle, Omni Hotels & Resorts, Trump Hotels and many more.\u201dCredit card numbers stolen between May 2017 and March 2018Gemini believes the hackers pwned the retailers\u2019 point-of-sale systems and stole the card numbers between May 2017 and March 2018 from Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor. The hackers likely got malware to infect the systems via phishing emails and then managed to steal the more than 5 million records by quietly sitting on the network for nearly a year.Gemini added, \u201cIt appears that all Lord & Taylor and 83 U.S.-based Saks Fifth Avenue locations have been compromised. In addition, we identified three potentially compromised stores located in Ontario, Canada. However, the majority of stolen credit cards were obtained from New York and New Jersey locations.\u201dJokerStash hackers are selling the stolen payment recordsOn Wednesday, JokerStash announced a \u201cbrand new breach\u201d called \u201cBIGBADABOOM-2.\u201d The payment record details are being sold in small batches, so banks will have a harder time detecting the stolen card data. The hackers put a small number of compromised records up for immediate sale on the dark web. Of the 125,000 records for sale, Gemini said \u201capproximately 35,000 records\u201d are from Saks Fifth Avenue and \u201c90,000 records\u201d are from Lord & Taylor.Although HBC promised that affected customers won\u2019t be liable for fraudulent charges, Gemini pointed out that \u201ccardholders who frequently shop at luxury retail chains like Saks Fifth Avenue are more likely to purchase high-ticket items regularly; therefore, it will be extremely difficult to distinguish fraudulent transactions from those of a legitimate nature, allowing criminals to abuse stolen payment cards and remain undetected for a longer period of time.\u201dIn addition to the announcement on the Hudson\u2019s Bay Company site, HBC also posted online notices on Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor, saying the issue was identified and contained so that \u201cit no longer poses a risk to customers shopping at our stores. While the investigation is ongoing, there is no indication that this affects our e-commerce or other digital platforms, Hudson\u2019s Bay, Home Outfitters, or HBC Europe. We deeply regret any inconvenience or concern this may cause.\u201dHBC is reportedly working with data security investigators, as well as law enforcement and payment card companies. The company will offer impacted victims free identity protection services.