Hudson's Bay Company subsidiaries breached.
On March 28, 2018, the JokerStash "hacking syndicate" (also known as "Fin7") began offering more than 5 million payment cards for sale in dark web souks. The cards appear to have been compromised in a breach of retailers Saks and Lord and Taylor dating to May 2017. Both retailers are owned by the Hudson's Bay Company. The breach was publicly disclosed this past Sunday (New York Times).
125 thousand records have been released for sale so far; the rest are expected to appear on the black market within months. Hudson's Bay tersely says it's addressed problems in its network security, continues to investigate, and plans to offer affected customers the usual sorts of post-breach assistance, including "free identity protection services, including credit and web monitoring" (Reuters).