Initial attack thought to have begun last July, parent company confirms.

A data breach at US branches of Saks and Lord & Taylor shops lasted nine months before it was detected, parent company Hudson’s Bay Company has announced.

Customer card details were discovered to have been stolen after a malware attack aimed at Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor stores.

The incident was contained on March 31 this year, and the company reported the breach on April 1.

But the attack is thought to have begun as early as July 1 last year, and went undetected for months.

Helena Foulkes, chief executive of HBC, said in a statement: “Throughout this process, we have made it our goal to work quickly to provide support and information to our customers and we will continue to serve them with that same dedication.

“The company wants to reassure affected customers that they will not be liable for fraudulent charges that may result from this matter.”

Stolen details include the cardholder’s name, payment card number and expiration date.

Up to five million people are thought to have been affected in the incident.

The Daily Swig has reached out for comment.