Neiman Marcus Confirms Data BreachBy: Shana Norris - January 12, 2014
Upscale retailer Neiman Marcus is the latest chain to announce a data breach that may put its customers at risk for credit card fraud.
According to Krebs on Security – the same site that broke news of the Target data breach back in December – Neiman Marcus confirmed that it is working with the US Secret Service to investigate a server break-in that exposed debit and credit card information of an unknown number of its customers.
Early last week, cyber security reporter Brian Krebs began hearing rumors from his sources in the financial industry of fraudulent debit and credit card charges that were being traced back to cards that had been recently used at Neiman Marcus stores.
On January 10, Krebs reported that he’d contacted the Dallas, TX-based upscale retailer about the rumors and received confirmation that they were indeed investigating a breach:
“Neiman Marcus was informed by our credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.
We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security.
The security of our customers’ information is always a priority and we sincerely regret any inconvenience. We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store.”
Retail giant Target made a similar announcement on December 19. From there, the news just kept getting worse. On December 27, the company announced that hackers had also stolen PIN information. On Friday, Target said that the number of customers affected by the data breach was closer to 70 million than the originally estimated 40 million. Furthermore, in addition to debit and credit card numbers, the hackers may have stolen names, addresses, phone numbers, and email addresses.
Robert Siciliano, a cyber security expert with McAfee, says it’s possible that the data breaches at Target and Neiman Marcus were perpetrated by the same group of hackers.
Adding to the general concern about credit card safety, Reuters announced today that smaller-scale data breaches have taken place at at least three other well-known US retailers.
Image via Wikimedia Commons