What Saks, Lord & Taylor shoppers can do to protect their data after breach

"Be proactive," one cyber security expert said.

April 2, 2018, 2:11 PM

Customers of Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor can take some steps to preserve and secure their personal information after Hudson's Bay, the Canadian corporation that owns these retailers, revealed on Sunday that cybercriminals had stolen the credit and debt card information of five million customers.

"We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores," Hudson's Bay said in a statement. "We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing."

Free identity protection services and credit and web monitoring will be offered to consumers who were impacted by the breach, the company said.

Shoppers should take Hudson's Bay up on its offer, Adam Levin, the founder of CyberScout, an identity protection and data risk services company, told ABC News.

"Set up transactional monitoring," Levin advised. Transactional monitoring is a free service provided by financial institutions that shows a cardholder "as real-time as possible" where and when transactions are taking place, he explained.

Shoppers are pictured outside Saks Fifth Avenue store on Fifth Avenue, Sept. 27, 2016 in New York.
Drew Angerer/Getty Images

"Call your financial institution and really be on top of your game if you think your account has been compromised," he added. "[You can] freeze credit to make sure no one could use your information or open a new account in your name."

When it comes to stolen credit and debit card information, Levin notes that there's a big difference between the two.

"Credit card gives you greater protection than your debit card," he said.

"A debit card is a direct pathway into [someone's] bank account," he continued. "It's always smarter to use a credit card, but make sure you pay it off at the end of the month."

A customer uses her credit card in an undated stock photo.
STOCK PHOTO/Getty Images

Creating unique PIN numbers that are both strong and different for every account are also good tips to implement, even if you don't think you're a victim of a data breach.

"Be proactive," Dr. Eric Cole, a CIA cybersecurity expert who served on the Commission for Cyber Security under former President Obama, told ABC News.

He advises consumers to preemptively change passwords on online accounts and to set up an email filter.

"Before you click a link or open an attachment [from a merchant] check to see if [that email] really is from that store," he said. "It's most likely a hacker trying to steal or get additional information."

Cole also offered more advanced techniques for protecting one's data, such as setting up different personas and using a different card at various stores.

"If you use the same real information, once it gets comprised, [a hacker] can get into any of your accounts," he said. "This diversifies the risk. If you have different cards, one card for each store, the impact [of a data breach] is minimal."

A customer carries a Saks Fifth Avenue shopping bag while walking on Fifth Avenue in New York, March 24, 2016.
Victor J. Blue/Bloomberg via Getty Images

Cole said he keeps his answers to online security questions in an encrypted vault.

Hudson's Bay said it is coordinating with law enforcement authorities and the payment card companies and no longer believes there is a risk to customers at its stores.