What happened?

Saks stores & UnderArmour have both confirmed data breaches impacting their organizations. As of April 1, 150 million usernames, emails and passwords from UnderArmour, and 5 million credit/debit cards from Saks and Lord & Taylor retail stores have been compromised in data breach events.

Saks and Lord & Taylor Stores – Hudson’s Bay Company

Hudson’s Bay Company – owner of Saks Fifth Avenue, Saks Off 5th and Lord & Taylor retail stores – confirmed a data breach on April 1.

Scope of Breach

5 million credit and debit cards

• 130 Saks and Lord & Taylor locations impacted

The company has confirmed that only payment cards used for in-store purchases were affected.

Security experts like cybersecurity firm Gemini Advisory note that this breach is “amongst the biggest and most damaging” to impact retail companies. However, Hudson’s Bay Company says it will offer free credit and web monitoring services to impacted individuals.

UnderArmour – MyFitnessPal

UnderArmour’s recent data breach impacted individuals using its nutrition and fitness app MyFitnessPal.

Scope of Breach

150 million MyFitnessPal accounts

• Usernames, email addresses, hashed passwords were compromised

UnderArmour became aware of the breach only days before the official announcement. The company stated that an “unauthorized party” first accessed MyFitnessPal data in February 2018.

Fortunately, customer payment data is collected by UnderArmour separately and was not affected by this breach. In addition, some passwords were hashed with “bcrypt,” a security mechanism that makes even exposed passwords tough to crack.

What should you do?

If you’ve been impacted by the data breaches at Saks stores & UnderArmour, you’ll need to lock down any information that was exposed in these events. Use these tips to stay one step ahead of identity thieves and help prevent further misuse of your information:

Saks Retail Stores

  • Reach out to your financial institution about any cards that may have been impacted by the Hudson’s Bay Company data breach.
  • Keep an eye on your financial statements and look for signs of suspicious or fraudulent activity.

UnderArmour Data Breach

  • Update the login credentials for your MyFitnessPal account. MyFitnessPal allows you to change your username once, but you can change the email and password associated with your account at any time.
  • Be on the lookout for phishing emails that are typically sent after a data breach event to capture more information about you.