More than one piece of malware is to blame for the recent cyber attack that affected 1.1 million Neiman Marcus customers.

Following an investigation, experts revealed that two pieces of malware “clandestinely inserted” into the company's network resulted in the breach, according to a letter sent to the New Hampshire state attorney's office penned by Tracy Preston, senior vice president and general counsel of the Neiman Marcus Group.

While the malware that scraped the card data was uploaded into systems as early as July 2013, its nefarious counterpart was inserted earlier in the year and allowed for the ensuing scraping malware to be uploaded and function.

Thus far, up to 2,400 credit and debit cards involved in the breach have been used for fraudulent transactions.