Breach, Data Security, Incident Response, Malware, TDR

Neiman Marcus: 1.1 million cards potentially compromised during breach

Upscale retailer Neiman Marcus has now come forward with more information on the extent of its card breach.

On Wednesday, Neiman Marcus CEO Karen Katz announced via the company's website that malware on its payment systems may have compromised 1.1 million customer card accounts.

“While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system,” Katz wrote. “It appears that the malware actively attempted to collect or ‘scrape' payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware.”

So far, around 2,400 payment cards used at Neiman Marcus have been used fraudulently as a result of the three-month long breach.

Neiman Marcus was informed in mid-December 2013 of unauthorized payment card activity linked to customer purchases in its stores.

The retailer maintains that other sensitive financial data, such as PIN numbers, was not accessed during the incident, because Neiman Marcus does not use PIN pad devices at its locations.

In an FAQ section on its site, the company says that it is still unsure how many stores were impacted, or whether both credit and debit cards were affected by the breach.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.