NEW YORK (CBS News/CBSLA) -- A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores, including locations in Southern California.
The chains' parent company, Canada-based Hudson's Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.
"We will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring," the company said in a statement.
New York-based security firm Gemini Advisory LLC says that a hacking group called JokerStash announced last week that it had put up for sale more than 5 million stolen credit and debit cards, and that the compromised records came from Saks and Lord & Taylor customers.
The firm says that all Lord & Taylor stores and 83 U.S.-based Saks Fifth Avenue stores, including unspecified locations in Southern California, were affected, although the majority of stolen card numbers come from stores in New York and New Jersey.
Hudson's Bay says customers won't be liable for fraudulent charges. It plans to offer free identity protection services.
