Neiman Marcus Reveals Breach DetailsMore Than 1 Million Cards Likely Exposed in Malware Attack
Neiman Marcus, the luxury retailer that in mid-January acknowledged its payments system may have been compromised, now says that between July 16 and Oct. 30 last year, more than 1 million credit and debit cards may have been breached.
In a statement issued Jan. 22, Neiman Marcus President and CEO Karen Katz says a network malware attack designed "to collect or scrape payment card data" had been identified by forensics investigators. The investigation is ongoing.
"To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently," Katz says in the company's statement. Last Call is a retail clearance center with 28 locations owned by Neiman Marcus.
No fraudulent activity has yet been linked to Neiman Marcus or Bergdorf Goodman payment cards, the statement notes. Bergdorf Goodman is a subsidiary of Neiman Marcus.
So far, the retailer says its investigation has revealed that personally identifiable information, such as Social Security numbers and dates of birth, was not compromised. The retailer also notes that online purchases and PINs were not adversely affected by the breach. "We do not use PIN pads in our stores," Katz states in the Jan. 22 statement.
Like Target Corp., which announced its network breach Dec. 19, Neiman Marcus is stressing its zero liability for consumers adversely affected by fraudulent charges.
"The policies of the payment brands such as Visa, MasterCard, American Express, Discover and the Neiman Marcus card provide that you have zero liability for any unauthorized charges if you report them in a timely manner," the company says. "Please contact your card brand or issuing bank for more information about the policy that applies to you."
Neiman Marcus also is offering free credit monitoring to all customers who conducted transactions at Neiman Marcus or Last Call from January 2013 to January 2014. "We are notifying all customers for whom we have addresses or e-mail," the company says.
Additional information is available for consumers under the general questions section on Neiman Marcus' website.