Neiman Marcus Says Hackers Stole Details of 1.1 Million Customer Credit Cards


High-end department store Neiman Marcus said on Thursday that between July 16 and October 30, 2013, hackers using sneaky point-of-sale malware were able to obtain details of roughly 1,100,000 customer payment cards.

“While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system,” Karen Katz, President and CEO of Neiman Marcus Group, wrote in a letter to customers. “It appears that the malware actively attempted to collect or ‘scrape’ payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware.”

So far, Visa, MasterCard and Discover told the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were used fraudulently.

Based on the investigation so far, social security numbers and birth dates were not compromised, the company said.

Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity, the company said, and online customers do not appear to have been affected.

Fortunately, Neiman Marcus does not use PIN pads in its retail locations, so PINs are not at risk, unlike the recent data breach at Target.

It is not known if there is any connection between the Target and Neiman Marcus data breaches.

On Jan. 11, Neiman Marcus told SecurityWeek that they were informed by their credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at Neiman Marcus Group stores.

Since then, the company has remained silent on the issue.

According to Daniel Ingevaldson, CTO at Easy Solutions, some compromised card numbers taken from Neiman Marcus may have hit the cybercrime underground in early January.

“On Jan 4th, we saw a dump of 2 Million cards onto the black market – one of the largest single day drops we’ve seen in a while,” Ingevaldson said after news of the breach was initially disclosed. “While we can’t definitively say what the source of the breach was, the percentage of Extremely High Value cards is significantly higher than we see on average,” he continued. “These are cards like the Amex Centurion card – an invite-only card that comes with a $7500 setup fee, and $2500 annual fee. While it is hard to determine from a single black market, this would indicate these could come from a high end source, such as Neiman Marcus.”

News of the breach was initially reported by cybercrime researcher and blogger Brian Krebs. Krebs said he was informed by sources from the financial industry about fraudulent credit and debit card charges that were traced to cards that had been recently used at bricks-and-mortar Neiman Marcus locations.

The Neiman Marcus Group operates 41 Neiman Marcus branded stores, 2 Bergdorf Goodman stores, and 35 Last Call stores.

On Thursday afternoon, Reuters reported that the FBI has issued a warning to U.S. retailers, saying they should prepare for more cyber attacks after discovering about 20 cases over the past year that involved point of sale malware.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
