Neiman Marcus now estimates that the breach of customer data exposed as many as 1.1 million customer accounts. That is far fewer than the estimated 110 million Target customer accounts compromised in a similar breach targeting point-of-sale (POS) systems, but it is disconcerting nonetheless.
“While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system,” CEO Karen Katz said in a statement.
“It appears that the malware actively attempted to collect or ‘scrape’ payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.”
On the upside, the company offered the following details:
- Social security numbers and birth dates were not compromised
- Our Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity
- Customers that shopped online do not appear to have been impacted
- PINs were never at risk because we do not use PIN pads in our stores
The company said it is notifying as many customers as it can who shopped between January 2013 and January 2014, and is offering them one year of free credit monitoring and identity-theft protection services.
The company also noted that “the policies of the payment card brands such as Visa, MasterCard, American Express, Discover and the Neiman Marcus card provide that you have zero liability for any unauthorized charges if you report them in a timely manner.”
Last week the FBI issued an advisory to retailers warning that the “memory-parsing” malware used in the Neiman Marcus and Target breaches, which infects point-of-sale (POS) systems such as cash registers and credit-card terminals, has been connected to some 20 other hacking cases in the past year, and that retailers should expect more breaches to come.