Advertisement

HBC tightens security after Saks Fifth Avenue website exposes customer info

Pedestrians are reflected in the glass doors of a Saks Fifth Avenue store .
No customer credit card or payment information was exposed in the data leak, according to the company. Ty Wright/Bloomberg via Getty Images

Hudson’s Bay Company has taken steps to tighten its online security after the personal information of some Saks Fifth Avenue customers was exposed online.

According to Buzzfeed News – which obtained the data and verified it through cyber security expert Robert Graham – unencrypted, publicly accessible web pages on the Saks Fifth Avenue website exposed the information of customers who had added their names to waiting lists for specific products.

READ MORE: Lessons from the Yahoo hack – 5 simple tips to safeguard your email

The exposed data included email addresses, product codes and, in some cases, the phone numbers of some customers.

Although Buzzfeed reported tens of thousands of customer records had been exposed, a HBC spokesperson downplayed the size of the data leak, stating a “single-digit percentage” of email addresses and phone numbers had been exposed.

Story continues below advertisement

WATCH: Did Canadian Tire do enough to protect customers after a cyber attack?

Click to play video: 'Did Canadian Tire do enough to protect customers after a cyber attack?'
Did Canadian Tire do enough to protect customers after a cyber attack?

The company also confirmed no credit card or payment information was affected.

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.

Get daily National news

Get the day's top news, political, economic, and current affairs headlines, delivered to your inbox once a day.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

“We take this matter seriously. We want to reassure our customers that no credit, payment, or password information was ever exposed,” a HBC spokesperson told Global News via email.

“The security of our customers is of utmost priority and we are moving quickly and aggressively to resolve the situation, which is limited to a low single-digit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.”

READ MORE: What you need to know about ‘Cloudbleed,’ the latest internet security bug

The company did not comment on why the information was information was left unencrypted and publicly available.

Story continues below advertisement

According to Buzzfeed, one of the pages listed several Gmail and Hotmail email addresses, along with work email accounts from JPMorgan and government addresses.

Sponsored content

AdChoices