Neiman Marcus Reveals Breach Details

More Than 1 Million Cards Likely Exposed in Malware Attack
Neiman Marcus Reveals Breach Details

Neiman Marcus, the luxury retailer that in mid-January acknowledged its payments system may have been compromised, now says that between July 16 and Oct. 30 last year, more than 1 million credit and debit cards may have been breached.

See Also: On Demand | Defining a Detection & Response Strategy

In a statement issued Jan. 22, Neiman Marcus President and CEO Karen Katz says a network malware attack designed "to collect or scrape payment card data" had been identified by forensics investigators. The investigation is ongoing.

"To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently," Katz says in the company's statement. Last Call is a retail clearance center with 28 locations owned by Neiman Marcus.

No fraudulent activity has yet been linked to Neiman Marcus or Bergdorf Goodman payment cards, the statement notes. Bergdorf Goodman is a subsidiary of Neiman Marcus.

So far, the retailer says its investigation has revealed that personally identifiable information, such as Social Security numbers and dates of birth, was not compromised. The retailer also notes that online purchases and PINs were not adversely affected by the breach. "We do not use PIN pads in our stores," Katz states in the Jan. 22 statement.

Like Target Corp., which announced its network breach Dec. 19, Neiman Marcus is stressing its zero liability for consumers adversely affected by fraudulent charges.

"The policies of the payment brands such as Visa, MasterCard, American Express, Discover and the Neiman Marcus card provide that you have zero liability for any unauthorized charges if you report them in a timely manner," the company says. "Please contact your card brand or issuing bank for more information about the policy that applies to you."

Neiman Marcus also is offering free credit monitoring to all customers who conducted transactions at Neiman Marcus or Last Call from January 2013 to January 2014. "We are notifying all customers for whom we have addresses or e-mail," the company says.

Additional information is available for consumers under the general questions section on Neiman Marcus' website.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.