The Latest in IT Security

Neiman Marcus Breach Not as Bad as First Thought

24
Feb
2014

In the world of security, these types of announcements don’t happen often. While still bad news, the recently-disclosed data breach at Neiman Marcus has impacted fewer customers than the company first thought.

In early January, the high-end department store warnedthat customer credit and debit card information was compromised as a result of a cyber attack.

Neiman Marcus did not originally say how payment card numbers were affected as a result of the data breach, but on Jan. 23 said approximately 1,100,000 customer payment cards could have been potentially affected after hackers used sneaky point-of-sale (POS) malware to obtain details of customer payment cards.

Now, according to the investigation of the data breach, the number of potentially affected payments cards is lower, and is now estimated to roughly 350,000.

“The number has decreased because the investigation has established that the malware was not operating at all our stores, nor was it operating every day in those affected stores, during the July 16 -October 30 period,” Karen Katz, President and CEO of Neiman Marcus, wrote in a notice posted to the company’s Web site.

“We do know, and our forensic reports have confirmed, that malicious software (malware) was clandestinely installed on our system and that it attempted to collect or “scrape” payment card data from July 16, 2013 to October 30, 2013,” Katz said.

Fortunately, Neiman Marcus does not use PIN pads its retail locations, so PINs were never at risk, unlike the recent data breach at Target.

Neiman Marcus told SecurityWeek in January that it was warned by its credit card processor in mid-December about potentially unauthorized payment card activity that occurred following customer purchases at Neiman Marcus stores.

Of the 350,000 payment cards that may have been captured by the POS malware, Katz said Visa, MasterCard and Discover told Neiman Marcus that, so far, approximately 9,200 of were subsequently in fraudulent transcations elsewhere.

The Neiman Marcus Group operates 41 Neiman Marcus branded stores, 2 Bergdorf Goodman stores, and 35 Last Call stores.

Tweet

Managing Editor, SecurityWeek.Previous Columns by Mike Lennon:Neiman Marcus Breach Not as Bad as First ThoughtMocana Unveils Appliance to Ease Secure Mobile App DeploymentsGood Technology Targets Mobile Service Management With Acquisition of BoxTone Apple Fixes Dangerous SSL Authentication Flaw in iOSGoogle Acquires Spider.io to Help Combat Online Ad Fraud

sponsored links

Tags: NEWS INDUSTRY

Incident Management

Data Protection

Tracking Law Enforcement

Cybercrime

Related posts:
  1. Neiman Marcus CEO apologizes for data breach, offers free credit monitoring
  2. Neiman Marcus Confirms Payment Card Data Stolen in Data Breach
  3. Nieman Marcus Says Hackers Stole Details of 1.1 Million Customer Credit Cards
  4. Neiman Marcus Provides Details on Data Breach, 1.1 Million Cards Compromised
  5. Neiman Marcus says hackers may have stolen payment card data

Tags:  
Written by SecurityWeek
0 Comments
Comments are closed.

Categories

THURSDAY, APRIL 25, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments