Canadian-based Hudson’s Bay Company, which runs US-based Saks and Lord & Taylor, announced on Sunday night that it had been hit with a cyberattack. While the extent of it is as yet unconfirmed, millions of payment cards may have been compromised. If it turns out to be true, this would make the data breach the largest of its kind in the past year.

According to Reuters, the retail company reports it has contained the breach, but has not confirmed if its network is secure. Meanwhile, The New York Times reports that the data “appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month.”

The cyberattack group responsible for the data breach is believed to be JokerStash, which is known for selling stolen data.

Reuters reports that, according to researchers, the hacker group plans to release more than 5 million stolen credit card and has so far released about 125,000 payment cards.

“The bulk of the 5 million card numbers that JokerStash said it plans to release are likely from Saks and Lord & Taylor, but it is too early to say for sure,” writes Reuters.

Get the full story at Reuters.