14 DAY TRIAL // Shortly after learning that it had suffered a data breach, high-end retailer Neiman Marcus revealed that a piece of malware might have captured the data of as many as 1.1 million payment cards. After further analysis, the company has now determined that only around 350,000 cards are affected.
In a letter published last week on the company’s website, Neiman Marcus CEO and President Karen Katz noted that the number decreased because experts determined that the malware was not operating at all stores, and it wasn’t operating every day.
“Of the 350,000 payment cards that may have been affected by the malware in our system, Visa, MasterCard and Discover have notified us to date that approximately 9,200 of those were subsequently used fraudulently elsewhere,” Katz explained.
“Regardless of whether or not your card was affected, we have notified customers for whom we have mailing and/or e-mail addresses who shopped with us either in-store or online in 2013. Additionally, we are offering one free year of credit monitoring and identity-theft protection,” she added.
So far, there’s no evidence that Social Security numbers and dates of birth have been compromised. There’s also no indication that Neiman Marcus cards have been used fraudulently, or that online customers are impacted by the breach. Furthermore, PINs are not at risk because the retailer doesn’t use PIN pads in its stores.
Although the Neiman Marcus breach was announced shortly after Target admitted being hacked, experts say there doesn’t appear to be any connection between the incidents.
In the case of Neiman Marcus, the attackers had access to the company’s systems for around eight months, but card data was stolen only between July 16 and October 30, 2013.