Data leak

Hudson's Bay / Saks Fifth Avenue / Lord & Taylor Joker's Stash POS: 5 Million Cards

📅 2017-05-01 🏢 Saks Fifth Avenue / Lord & Taylor POS systems (Hudson's Bay Company) 🦠 Carbanak POS RAM-scraping malware
Primary Source ↗

Incident Details

Between May 2017 and March 2018, the FIN7 cybercriminal group (operating the JokerStash carding shop) compromised point-of-sale systems at all Saks Fifth Avenue and Lord & Taylor luxury department stores in North America. Saks Fifth Avenue and Lord & Taylor are brands owned by Hudson’s Bay Company (HBC). The attackers installed POS RAM-scraping malware and maintained access for approximately 10 months before detection. The breach was discovered when Gemini Advisory analysts found approximately 5 million stolen payment cards being sold on the JokerStash dark web marketplace in April 2018. The stolen cards were advertised as the ‘BIGBADABOOM-2’ database and billed as the ‘largest card dump in history’ at that time. HBC confirmed the breach on 1 April 2018. Exposed data included Track 1 and Track 2 payment card data (card numbers, expiration dates, cardholder names). HBC confirmed that personal information beyond card data may also have been exposed. All Saks and Lord & Taylor retail store locations in North America were affected. HBC worked with law enforcement and payment card companies to address the breach. FIN7 was responsible for hundreds of POS malware attacks against US businesses in the restaurant, hotel, and retail sectors, collectively stealing hundreds of millions of dollars' worth of payment card data.

Technical Details

Initial Attack Vector
The FIN7 cybercriminal group (JokerStash/Carbanak) installed POS RAM-scraping malware on point-of-sale systems across Saks Fifth Avenue and Lord & Taylor stores nationwide; the malware captured payment card track data from device memory during transactions for approximately 10 months.
Vendor / Product
Saks Fifth Avenue / Lord & Taylor POS systems (Hudson's Bay Company)
Malware Family
Carbanak POS RAM-scraping malware

Timeline

  1. 2017-05-01 Breach occurred
  2. 2018-04-01 Publicly disclosed
  3. 2018-04-01 Customers notified