Saks Fifth Avenue and Lord & Taylor reported a data breach affecting millions of its customers.

According to the company “a well-known ring of cyber criminals” had stolen more than 5 million credit and debit card numbers from customers. According to the New York Times the cyber criminals were able to pull off this massive heist by implanting software into the cash register systems.

Although it is early in the investigation the the hack appears to have only affected card numbers and not social security or driver’s license numbers.

The majority of the affected credit cards appear to have been used at Saks and Lord & Taylor stores between May 2017 and March 2018 and only in the New York-New Jersey areas stores.

Both Saks 5th Ave. and Lord & Taylor are owned by the Canadian company Hudson’s Bay. The company issued the following statement:

“We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America. We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”

The timing is coincidental considering the Zippy’s line of restaurants was also recently impacted by a similar breach of a smaller scale, having customer credit card numbers skimmed off of their cash registers.

Stay safe out there.