A recent cyber hack attack on U.S. retailer Hudson’s Bay, owner of the Saks and Lord & Taylor store brands, is expected to cause a loss to insurance and perhaps reinsurance interests and as a result Property Claim Services (PCS) has designated the event and will produce an estimate of insured losses for it.
The hacking attack saw payment card data, both credit and debit, stolen and reports suggest that as many as 5 million of Hudson’s Bay’s customers from its Saks and Lord & Taylor stores may have had their details compromised.
If it proves that millions of card details have been stolen it will be one of the largest cyber breaches in the last year.
It appears that card details were stolen when shoppers paid for items in person at Hudson’s Bay stores including Saks 5th Avenue, Saks Off Fifth and Lord & Taylor. Currently it is not believed the cyber breach affected online shoppers.
Hudson’s Bay Company said that currently there is no indication that its e-commerce or other digital platforms are affected, or its Hudson’s Bay, Home Outfitters, or HBC Europe stores.
It’s thought that hackers or cyber criminals had breached the IT networks of Hudson’s Bay and so were able to retrieve customer card details that had been used in store.
PCS said that the breach of Hudson Bay’s was first disclosed by security researchers Gemini Advisory, who said that malware had been used to breach the stores point of sale card machines.
Now that PCS has designated this event as a Global Cyber industry loss of interest it will monitor the event and provide reports in due course. A preliminary estimate of the potential insurance and reinsurance industry loss from the Hudsons Bay hacking is expected in around a months time.
PCS launched its Global Cyber loss aggregation service last year, offering industry loss estimates for individual affirmative international cyber events.
The PCS Global Cyber service can provide an index trigger for cyber risk transfer contracts, such as industry loss warranties (ILW’s) or catastrophe bonds, and can be used by insurance and reinsurance firms to validate loss data and to help in analysing cyber risks.
PCS said it now has 10 cyber loss events in its catalogue.