On Friday Neiman Marcus announced that the company was hacked and that some customers’ credit and debit card information may have been stolen. The facts date back to mid-December last year, with a third party intelligence firm confirming the security intrusion on January, 1. This is the second cyber attack on a major retailer in one month, after the credit card data of over 70 million Target shoppers was compromised around the same time in December 2013.
In a statement company spokesperson Ginger Reeder said she ‘did not know how many customers could be affected by the breach”, but that the company has “begun to contain the intrusion and has taken significant steps to further enhance information security”. The investigation is still underway, but it seems that the customers affected recently used their credit card in a Neiman Marcus brick-and-mortar store. Currently there is no evidence that shoppers at the company’s online stores were affected.
Neiman Marcus is notifying “customers whose cards they know were used fraudulently after purchasing at their stores”. If you shop at Neiman Marcus look out for communication from them.
By the way, a great place to learn about data security breaches at retail is Krebs on Security (via Andréa Lopez). Read their coverage of the Neiman Marcus breach for more information.