Neiman Marcus is latest victim of security breach

Jan 12, 2014 by Anne D'innocenzio
In this Wednesday, March 11, 2009 file photo, the Chicago skyline is reflected in the exterior of Neiman Marcus on Michigan Avenue in Chicago. Neiman Marcus confirmed Saturday, Jan. 11, 2014 that thieves may have stolen customers' credit and debit card information and made unauthorized charges over the holiday season, becoming the second retailer in recent weeks to announce it had fallen victim to a cyber-security attack. (AP Photo/M. Spencer Green, File)

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent weeks to announce it had fallen victim to a cyber-security attack.

The hacking, coming weeks after Target Corp. revealed its own breach, underscores the increasing challenges that merchants have in thwarting security breaches.

Ginger Reeder, spokeswoman for Dallas-based Neiman Marcus Group Ltd., said in an email Saturday that the retailer had been notified in mid-December by its credit card processor about potentially unauthorized payment activity following customer purchases at stores. On Jan. 1, a forensics firm confirmed evidence that the upscale retailer was a victim of a criminal cyber-security intrusion and that some customers' credit and debit cards were possibly compromised as a result.

Reeder wouldn't estimate how many customers may be affected but said the merchant is notifying customers whose cards it now knows were used fraudulently. Neiman Marcus, which operates more than 40 upscale stores and clearance stores, is working with the Secret Service on the breach, she said.

"We have begun to contain the intrusion and have taken significant steps to further enhance information security," Reeder wrote.

Robert Siciliano, an expert with McAfee, a computer security software maker, says it is possible Neiman Marcus doesn't yet know the extent of the breach. He says he believes that the Neiman Marcus and Target thefts were likely committed by the same organized group, based on his experience and the fact that the incidents happened at around the same time.

"It's a knee-jerk reaction that the security industry has right now," he added.

Target disclosed Friday that its massive data theft was significantly more extensive and affected millions more shoppers than the company announced in December. The second largest U.S. discounter said hackers stole personal information—including names, phone numbers, email and mailing addresses—from as many as 70 million customers as part of a it discovered last month.

The Minneapolis-based Target announced Dec. 19 that some 40 million credit and debit card accounts had been affected by a data breach that happened from Nov. 27 to Dec. 15—just as the holiday shopping season was getting into gear.

As part of that announcement, the company said customers' names, credit and , card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.

According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target said Friday that criminals also took non-credit card related data for some 70 million customers. This is information Target obtained from customers who, among other things, used a call center and offered their phone number or shopped online and provided an email address.

Some overlap exists between the 70 million individuals and the 40 million compromised credit and debit accounts, Target said.

When Target releases a final tally, the theft could become the largest data breach on record for a retailer, surpassing an incident uncovered in 2007 that saw more than 90 million records pilfered from TJX Cos. Inc.

Target acknowledged Friday that the news of the data theft has scared some shoppers away. It cut its earnings outlook for the quarter that covers the crucial and warned that sales would be down for the period.

Explore further: Target: Customers' encrypted PINs were stolen

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

Target: Customers' encrypted PINs were stolen

Dec 27, 2013

Target said Friday that debit card PIN numbers were among the financial information stolen from millions of U.S. customers who shopped at the retailer earlier this month.

Recommended for you

Startups offer banking for smartphone users

Aug 30, 2014

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

'SwaziLeaks' looks to shake up jet-setting monarchy

Aug 29, 2014

As WikiLeaks founder Julian Assange prepares to end a two-year forced stay at Ecuador's London embassy, he may take comfort in knowing he inspired resistance to secrecy in places as far away as Swaziland.

Ecuador heralds digital currency plans (Update)

Aug 29, 2014

Ecuador is planning to create what it calls the world's first digital currency issued by a central bank, which some analysts believe could be a first step toward abandoning the country's existing currency, ...

User comments : 0