The systems of Neiman Marcus, a Dallas-based retailer that specializes in luxury goods, have been hacked. As a result of the breach, customer payment card information has been compromised.
Brian Krebs says that he learned of the breach earlier this week from his sources in the financial industry. Apparently, the stolen information is already being abused for fraudulent charges.
Neiman Marcus representatives have confirmed for Krebs that their systems have been breached. They learned of the breach in mid-December after being notified by their credit card processor.
So far, the company doesn’t know how the cybercriminals gained access to the payment card information, and it’s uncertain for how long they’ve had access to their systems.
Currently, there’s no evidence that individuals who made purchases on Neiman Marcus’ website are impacted.
“We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation,” Neiman Marcus spokesperson Ginger Reeder explained.
Neiman Marcus is not the only retailer targeted by cybercriminals last year. Target also suffered a massive data breach in which customer payment cards have been compromised.
Initially, the company said around 40 million people were affected. However, on Friday, it revealed that the names, addresses, email addresses or phone numbers of 70 million customers had been obtained by the attackers.
In Target’s case, it’s uncertain who is behind the attack, but Krebs has identified one Ukrainian who appears to be responsible for selling the stolen card data on the underground market.
It’s uncertain if he’s directly involved in the breach, but he does have some connection to it since he had offered Krebs $10,000 (€7,300) not to run his story.