Cybercriminals Had Access to Neiman Marcus Systems for Six Months [NYT]
Some of the compromised credit cards have been used for fraudulent purchases
Neiman Marcus still hasn’t provided too many details regarding the data breach it has suffered recently. However, sources close to the investigation say cybercriminals had access to the company’s systems since at least mid-July 2013.The New York Times has learned that the company only fully contained the breach last Sunday, despite learning of it in mid-December 2013.
Shortly after discovering the breach, the high-end retailer told credit card companies that the compromised information was being used to make fraudulent purchases. The company says it doesn’t store PINs, so the information couldn’t have been obtained by the attackers.
However, PINs are not needed for online transactions so the payment card information can still be misused.
The exact number of impacted individuals hasn’t been revealed, but it’s probably a lot less than in the case of Target, which has found that the credit card details of 40 million people had been obtained by cybercriminals.
For the time being, there's no evidence that the two breaches are connected in any way.
At least one class action has already been filed against Neiman Marcus due to the incident.