Department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor have suffered a data breach that apparently exposed details on 5 million payment cards for customers in North America, Toronto-based parent organization Hudson's Bay Company said on Sunday.

Stolen card data first appeared for sale last Wednesday. "On March 28, 2018, a notorious hacking JokerStash syndicate, also known as Fin7, announced the latest breach of yet another major corporation, with more than five million stolen payment cards offered for sale on the dark web," Gemini Advisory says. "Several large financial institutions have confirmed that all tested records had been used before at Saks Fifth Avenue, Saks Fifth Avenue Off 5th - a discounted offset brand of luxury Saks Fifth Avenue stores - as well as Lord & Taylor stores."

The JokerStash syndicate has been tied to previous sales of payment card data stolen in previous breaches, including a breach at Dallas-based luxury hotel chain Omni Hotels & Resorts that began in late 2015 and was discovered in May 2016 (see Omni Hotels & Resorts Hit by Hacker).

At the time, cybercrime intelligence firm Flashpoint told Information Security Media Group that the breach came to light after JokerStash began selling more than 50,000 payment cards stolen from Omni Hotels. At the time, Flashpoint said JokerStash was selling the stolen Omni Resorts cards data via its own website, but advertising them for sale on two Russian-language communities called Verified and Omerta.

Read more: Bank Info Security