Neiman Marcus Says Hackers Stole Details of 1.1 Million Customer Credit Cards

High-end department store Neiman Marcus said on Thursday that between July 16 and October 30, 2013, hackers using sneaky point-of-sale malware were able to obtain details of roughly 1,100,000 customer payment cards.

“While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system,” Karen Katz, President and CEO of Neiman Marcus Group, wrote in a letter to customers. “It appears that the malware actively attempted to collect or ‘scrape’ payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware.”

So far, Visa, MasterCard and Discover told the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were used fraudulently.

Based on the investigation so far, social security numbers and birth dates were not compromised, the company said.

Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity, the company said, and online customers do not appear to have been affected.

Fortunately, Neiman Marcus does not use PIN pads in its retail locations, so PINs are not at risk, unlike the recent data breach at Target.

It is not known if there is any connection between the Target and Neiman Marcus data breaches.

On Jan. 11, Neiman Marcus told SecurityWeek that they were informed by their credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at Neiman Marcus Group stores.

Since then, the company has remained silent on the issue.

According to Daniel Ingevaldson, CTO at Easy Solutions, some compromised card numbers taken from Neiman Marcus may have hit the cybercrime underground in early January.

“On Jan 4th, we saw a dump of 2 Million cards onto the black market – one of the largest single day drops we’ve seen in a while,” Ingevaldson said after news of the breach was initially disclosed. “While we can’t definitively say what the source of the breach was, the percentage of Extremely High Value cards is significantly higher than we see on average,” he continued. “These are cards like the Amex Centurion card – an invite-only card that comes with a $7500 setup fee, and $2500 annual fee. While it is hard to determine from a single black market, this would indicate these could come from a high end source, such as Neiman Marcus.”

News of the breach was initially reported by cybercrime researcher and blogger Brian Krebs. Krebs said he was informed by sources from the financial industry about fraudulent credit and debit card charges that were traced to cards that had been recently used at bricks-and-mortar Neiman Marcus locations.

The Neiman Marcus Group operates 41 Neiman Marcus branded stores, 2 Bergdorf Goodman stores, and 35 Last Call stores.

On Thursday afternoon, Reuters reported that the FBI has issued a warning to U.S. retailers, saying they should prepare for more cyber attacks after discovering about 20 cases over the past year that involved point of sale malware.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.