2,400 payment cards already used for fraudulent purchases

Jan 24, 2014 08:06 GMT

The Neiman Marcus data breach is bad. Not as bad as the Target breach, in which 40 million payment cards were compromised, but still bad. The company says that cybercriminals obtained information from a total of 1.1 million cards.

In a notice posted on its website, the high-end retailer reveals additional details regarding the recent incident.

Apparently, social security numbers and dates of birth have not been accessed by the attackers. Online shoppers are not affected. No fraudulent activities have been reported on Neiman Marcus and Bergdorf Goodman cards. Finally, PINs have not been obtained because PIN pads are not used in the retailer’s stores.

That’s the good news. The bad news is that the cybercriminals installed a sophisticated piece of malware on the company’s systems on July 16, 2013. The malicious software collected payment card data until October 30, 2013. According to Visa, MasterCard and Discover, 2,400 of the 1.1 million compromised cards have been used for fraudulent purchases.

“We are notifying ALL customers for whom we have addresses or email who shopped with us between January 2013 and January 2014, and offering one free year of credit monitoring and identity-theft protection,” Neiman Marcus stated.

The retailer is still working on determining which stores have been affected by the breach. In the meantime, the company says it's taking a number of steps to prevent future incidents, including reinforcing security tools, reviewing IDSs and firewalls, changing software and security credentials, and reviewing and hardening systems.

Meanwhile, representatives of the banking and retail industries have gotten into an argument about who’s to blame for the recent data breaches. The retail industry says it’s the banking sector's fault because it has failed to implement “PIN and Chip” cards.

On the other hand, the banking industry says that retailers often violate security agreements and fail to deploy technology that would alert them to data breaches.