Earlier this month, high-end retailer Neiman Marcus confirmed that they had been the target of a widespread data breach that saw hackers gain access to customer credit cards via a sophisticated malware attack. At that time, the company launched an investigation into the breach.
Now, Neiman Marcus is sharing some of the preliminary findings and have admitted that the breach may have affected 1.1 million customers.
The security of our customers' information is always a priority and we sincerely regret any inconvenience.
— Neiman Marcus (@neimanmarcus) January 11, 2014
“Neiman Marcus was informed by our merchant processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores. We informed federal law enforcement agencies and began working actively with the U.S. Secret Service, the payment brands, our merchant processor, a leading investigations, intelligence and risk management firm, and a leading payment brand-approved forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. At this time, the malicious software we have found has been disabled,” said Neiman last week.
In a new statement posted on their site, Neiman says they “deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores.”
Out of the 1.1 million payment cards exposed, only a handful have been confirmed to have been used to make fraudulent purchases. Visa, MasterCard, and Discover have notified the company of 2,400 such instances.
The malware responsible for snatching the information was reportedly active for many months, spanning from mid-July to the end of October, 2013.
As you probably know, Neiman Marcus isn’t the only high-profile retailer to suffer a massive data breach. Target is dealing with its own attack, which exposed approximately 70 million accounts (they originally said 40 million, but later upped the count).
Some blame the rash of high-profile payment system breaches to the United States’ outdated card technology. While the U.S. still uses magnetic strips on their credit and debit cards, many other countries (and the majority of Europe) have moved on to EMV technology, which uses a small computer chip to handle transactions.
Still, analysts say that a switch to such technology would be costly – plus they’re unsure if EMV tech would have actually prevented the Target and Neiman hacks, or simply lessened their scope.
The recent slew of data breaches has garnered the attention of Congress, who is set to hold hearings during the first week of February to “examine data breaches and their effect on consumers.” Target is their guest of honor.
Image via Wikimedia Commons