March 20, 2017 1:16 pm
Updated: March 20, 2017 1:18 pm

HBC tightens security after Saks Fifth Avenue website exposes customer info

Pedestrians are reflected in the glass doors of a Saks Fifth Avenue store.

No customer credit card or payment information was exposed in the data leak, according to the company.

Ty Wright/Bloomberg via Getty Images

Hudson’s Bay Company has taken steps to tighten its online security after the personal information of some Saks Fifth Avenue customers was exposed online.


According to Buzzfeed News – which obtained the data and verified it through cyber security expert Robert Graham – unencrypted, publicly accessible web pages on the Saks Fifth Avenue website exposed the information of customers who had added their names to waiting lists for specific products.


The exposed data included email addresses, product codes and, in some cases, the phone numbers of some customers.

Although Buzzfeed reported tens of thousands of customer records had been exposed, an HBC spokesperson downplayed the size of the data leak, stating a “single-digit percentage” of email addresses and phone numbers had been exposed.


The company also confirmed no credit card or payment information was affected.

“We take this matter seriously. We want to reassure our customers that no credit, payment, or password information was ever exposed,” an HBC spokesperson told Global News via email.

“The security of our customers is of utmost priority and we are moving quickly and aggressively to resolve the situation, which is limited to a low single-digit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.”


The company did not comment on why the information was left unencrypted and publicly available.

According to Buzzfeed, one of the pages listed several Gmail and Hotmail email addresses, along with work email accounts from JPMorgan and government addresses.

© 2017 Global News, a division of Corus Entertainment Inc.
