Neiman Marcus Breach Not as Bad as First Thought

In the world of security, these types of announcements don’t happen often. While still bad news, the recently-disclosed data breach at Neiman Marcus has impacted fewer customers than the company first thought.

In early January, the high-end department store warned that customer credit and debit card information was compromised as a result of a cyber attack.

Neiman Marcus did not originally say how payment card numbers were affected as a result of the data breach, but on Jan. 23 said approximately 1,100,000 customer payment cards could have been affected after hackers used sneaky point-of-sale (POS) malware to obtain details of customer payment cards.

Now, according to the investigation of the data breach, the number of potentially affected payment cards is lower, and is estimated at roughly 350,000.

“The number has decreased because the investigation has established that the malware was not operating at all our stores, nor was it operating every day in those affected stores, during the July 16 - October 30 period,” Karen Katz, President and CEO of Neiman Marcus, wrote in a notice posted to the company’s Web site.

“We do know, and our forensic reports have confirmed, that malicious software (malware) was clandestinely installed on our system and that it attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013,” Katz said.

Fortunately, Neiman Marcus does not use PIN pads at its retail locations, so PINs were never at risk, unlike the recent data breach at Target.

Neiman Marcus told SecurityWeek in January that it was warned by its credit card processor in mid-December about potentially unauthorized payment card activity that occurred following customer purchases at Neiman Marcus stores.

Of the 350,000 payment cards that may have been captured by the POS malware, Katz said Visa, MasterCard and Discover told Neiman Marcus that, so far, approximately 9,200 of those were subsequently used in fraudulent transactions elsewhere.

The Neiman Marcus Group operates 41 Neiman Marcus branded stores, 2 Bergdorf Goodman stores, and 35 Last Call stores.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.