Saks Stores & Under Armour: 3 Days, 2 Breaches

What happened?

Saks stores & Under Armour have both confirmed data breaches impacting their organizations. As of April 1, 150 million usernames, emails and passwords from Under Armour, and 5 million credit/debit cards from Saks and Lord & Taylor retail stores have been compromised in data breach events.  

Saks and Lord & Taylor Stores – Hudson’s Bay Company

Hudson’s Bay Company – owner of Saks Fifth Avenue, Saks Off 5th and Lord & Taylor retail stores – confirmed a data breach on April 1.

Scope of Breach

5 million credit and debit cards

• 130 Saks and Lord & Taylor locations impacted


The company has confirmed that only payment cards used for in-store purchases were affected.

Security experts like cybersecurity firm Gemini Advisory note that this breach is “amongst the biggest and most damaging” to impact retail companies. However, Hudson’s Bay Company says it will offer free credit and web monitoring services to impacted individuals.


Under Armour – MyFitnessPal

Under Armour’s recent data breach impacted individuals using its nutrition and fitness app MyFitnessPal.

Scope of Breach

150 million MyFitnessPal accounts

• Usernames, email addresses, hashed passwords were compromised


Under Armour became aware of the breach only days before the official announcement. The company stated that an “unauthorized party” first accessed MyFitnessPal data in February 2018.  

Fortunately, customer payment data is collected by Under Armour separately and was not affected by this breach. In addition, some passwords were hashed with “bcrypt,” a security mechanism that makes even exposed passwords tough to crack.


What should you do?

If you’ve been impacted by the data breaches at Saks stores & Under Armour, you’ll need to lock down any information that was exposed in these events. Use these tips to stay one step ahead of identity thieves and help prevent further misuse of your information:


Saks Retail Stores

  • Reach out to your financial institution about any cards that may have been impacted by the Hudson’s Bay Company data breach.
  • Keep an eye on your financial statements and look for signs of suspicious or fraudulent activity.

Under Armour

  • Update the login credentials for your MyFitnessPal account. MyFitnessPal allows you to change your username once, but you can change the email and password associated with your account at any time.
  • Be on the lookout for phishing emails that are typically sent after a data breach event to capture more information about you.

Additional Resources:

What Happens to Your Information After a Data Breach?
The Dark Web & What It Means to Your Identity
Data Breaches Resource Page

Continue following Fighting Identity Crimes to get updates on the Saks stores & Under Armour data breaches, as well as ID protection news & tips from our industry experts.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.