http://nyti.ms/1aNek5h
The theft of consumer data from Neiman Marcus appears far deeper than had been disclosed originally, with the company now saying that hackers invaded the luxury retailer’s systems for several months in a breach that involved at least 1.1 million credit and debit cards.
In a statement posted on its website Wednesday night, Neiman Marcus said that malware had been installed in its system and had pulled payment data off cards used from July 16 to Oct. 30. MasterCard, Visa and Discover have told the company that about 2,400 cards used at Neiman Marcus and its Last Call outlet stores have since been used fraudulently.
Federal investigators, including the Secret Service and the F.B.I., have been trying to determine whether the extensive security breach at Target and the one at Neiman’s are related. Investigators and security experts have described a loose band of hackers from Eastern Europe as the likeliest suspects in the Target theft. Security experts working with the authorities have said that the hackers were eyeing several major retailers as potential targets.
Neiman Marcus Group, which also own Bergdorf Goodman, said it would notify all customers who shopped in those stores between January 2013 and January 2014 – and for whom the company has a mailing or email address. They also said they would offer one free year of credit monitoring to all of those shoppers.
The company was first told there may have been a breach in mid-December, when its payment processor said unauthorized charges were turning up on cards that had been used at Neiman Marcus Group stores. The company informed federal law enforcement, and a forensic investigation found evidence of the breach on Jan. 1, Neiman said.
The week before Christmas, Target announced that 40 million of its customers had their credit and debit card information compromised. Those customers shopped in its stores between Nov. 27 and Dec. 15., in the crush of the holiday shopping season. Then in January, Target said another batch of data, personal information like addresses and phone numbers that the company had collected over – leaving a group of 70 million of its customers exposed.
At Target, malware installed on point-of-sale systems snatched customer data off the card magnetic strip, and then covered its own tracks by immediately deleting the file where the data had been stored, according to people with knowledge of the investigation.
Neiman said it had no knowledge of a connection between the two attacks. Social security numbers, PIN data and birth dates were not compromised, the company said.
“For over a century, our company’s mission has been dedicated to delivering exceptional service to each of our customers, and responding properly to this attack is our top priority,” Karen Katz, chief executive of Neiman Marcus Group said on the company’s web site. “Our goal is to do everything possible to restore your trust and to earn your loyalty.”
More on nytimes.com
- © 2014 The New York Times Company
- Contact Us
- Work With Us
- Advertise
- Your Ad Choices
- Privacy
- Terms of Service
- Terms of Sale
more

{ 0 comments... » Neiman Marcus Breach Affected 1.1 Million Cards read them below or add one }
Post a Comment