Hudson's Bay Co., the Toronto-based department store operator, is investigating a data security issue at some of its North American stores.

The probe concerns information from payment cards used at certain Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor outlets, the company said in a statement Sunday. Details from more than 5 million credit and debit cards are up for sale, according to a post from Gemini Advisory, a security firm. An external representative for Hudson's Bay declined to comment on Gemini's report.

The breach comes as Hudson's Bay is struggling to turn around declining same-store sales.

The retailer has already scrapped more than 2,000 jobs and hired a new chief executive in its battle to win back consumers. On March 28 the retailer reported fourth-quarter earnings that missed analysts' estimates, and its shares fell as much as 5.9 percent before ending the day up about 1.1 percent.

"HBC has identified the issue, and has taken steps to contain it," the company said in its statement, adding that it's working with the card companies and law enforcement.

Customers should flag any unfamiliar transactions to their card providers and Hudson's Bay will offer any affected shoppers free identity protection services. They won't be liable for fraudulent charges, the company said.

It's not the first time Hudson's Bay has run into trouble over data protection. The company published thousands of customers' personal information — including email addresses and phone numbers — last year. In that instance, payment data was not exposed, a spokeswoman said at the time.