Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Neiman Marcus Breach Not as Bad as First Thought

Nieman Marcus Data Breach

In the world of security, these types of announcements don’t happen often. While still bad news, the recently-disclosed data breach at Neiman Marcus has impacted fewer customers than the company first thought.

Nieman Marcus Data Breach

In the world of security, these types of announcements don’t happen often. While still bad news, the recently-disclosed data breach at Neiman Marcus has impacted fewer customers than the company first thought.

In early January, the high-end department store warned that customer credit and debit card information was compromised as a result of a cyber attack.

Neiman Marcus did not originally say how payment card numbers were affected as a result of the data breach, but on Jan. 23 said approximately 1,100,000 customer payment cards could have been potentially affected after hackers used sneaky point-of-sale (POS) malware to obtain details of customer payment cards.

Now, according to the investigation of the data breach, the number of potentially affected payments cards is lower, and is now estimated to roughly 350,000.

“The number has decreased because the investigation has established that the malware was not operating at all our stores, nor was it operating every day in those affected stores, during the July 16 -October 30 period,” Karen Katz, President and CEO of Neiman Marcus, wrote in a notice posted to the company’s Web site.

“We do know, and our forensic reports have confirmed, that malicious software (malware) was clandestinely installed on our system and that it attempted to collect or “scrape” payment card data from July 16, 2013 to October 30, 2013,” Katz said.

Fortunately, Neiman Marcus does not use PIN pads at its retail locations, so PINs were never at risk, unlike the recent data breach at Target.

Neiman Marcus told SecurityWeek in January that it was warned by its credit card processor in mid-December about potentially unauthorized payment card activity that occurred following customer purchases at Neiman Marcus stores.

Advertisement. Scroll to continue reading.

Of the 350,000 payment cards that may have been captured by the POS malware, Katz said Visa, MasterCard and Discover told Neiman Marcus that, so far, approximately 9,200 of were subsequently in fraudulent transcations elsewhere.

The Neiman Marcus Group operates 41 Neiman Marcus branded stores, 2 Bergdorf Goodman stores, and 35 Last Call stores.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.