According to HBC, once they receive further information about the data breach, they will immediately get in touch with affected clients and will offer them free identity protection services including credit card and web monitoring.
As soon as they have more information, the companies will update their websites.
"Set up transactional monitoring", Levin advised.
"When data that's used for customer account login or for payments is centralized on a retailer's server, it's especially vulnerable", noted George Avetisov, CEO of HYPR, a provider of decentralized authentication services for businesses.
According to Gemini Advisory, a cyber security firm specializing in tracking stolen financial data, the credit card data was stolen by installing malicious software in the cash registers of the stores.
If you think you may have used your credit card at any of these chains between May 2017 and the end of March 2018, the first thing you need to do is not panic.
"A debit card is a direct pathway into [someone's] bank account", he continued.
Gemini urged all brick-and-mortar stores to switch from magnetic stripe card machines to Europay Mastercard and Visa, or EMV, terminals, which are able to verify purchases through a microchip in the physical card itself.
Most of the card details come from stores in NY and New Jersey, though Engadget notes that three Canadian stores in Toronto, Brampton, and Pickering may have also been hit.
"Be proactive", Dr. Eric Cole, a Central Intelligence Agency cybersecurity expert who served on the Commission for Cyber Security under former President Obama, told ABC News. "In the case of a compromised email-password combination, customers should make sure to change their passwords on that service and any other service that shares the same password".
"Before you click a link or open an attachment [from a merchant] check to see if [that email] really is from that store", he said. Otherwise, it's only a matter of time before they get hacked, too.
Saks says that only its brick and mortar stores were affected, online shoppers were not exposed to the attack.
What would you have done differently, PR Daily readers?
Cole said he keeps his answers to online security questions in an encrypted vault.