The sun shines through flags on the facade of Saks flagship store on New York's Fifth Avenue, . Saks Inc. agreed to sell itself to Hudson's Bay Co., the Canadian parent of upscale retailer Lord & Taylor, for about $2.4 billion in a deal that will bring luxury to more North American localesSaks Acquisition, New York, USA

Hudson’s Bay Co. fended off a malware attack on March 31, but said its digital attackers going after customer information first entered its systems in July.

The company disclosed the attack on Easter Sunday, right after it was discovered and has underscored that not all customers were impacted and that those who were will not be liable for any fraudulent charges. Potentially impacted shoppers are also being given identity protection services free of charge.

The nine-month attack targeted “certain point of sale systems at potentially all Saks Fifth Avenue, Saks Off 5th and Lord & Taylor locations in North America,” the retailer said.

Helena Foulkes, Hudson’s Bay’s new chief executive officer, said: “Our customers are our top priority and we take the protection of their information very seriously. We deeply regret any concern this issue may have caused. Throughout this process, we have made it our goal to work quickly to provide support and information to our customers and we will continue to serve them with that same dedication.”

The firm has been working with data security experts, law enforcement and payment card companies to untangle the mess.

Hudson’s Bay said there was no indication that its e-commerce or digital operations or its Hudson’s Bay, Home Outfitters and HBC Europe were impacted. Saks Fifth Avenue credit cards also skirted the attack.

“The malware was designed to collect customers’ payment card information, including cardholder name, payment card number and expiration date,” Hudson’s Bay said. “The company has no evidence that contact information, Social Security or Social Insurance numbers, driver’s license numbers, or PINs associated with the cards were affected by this issue.”

Data attacks have become a familiar threat across retail. Just before Hudson’s Bay discovered its intrusion, Under Armour Inc. said the hackers gained access to information of as many as 150 million people who use its MyFitnessPal app. Target Corp., The TJX Cos. Inc. and many others have also fallen victim to digital attacks over the years.