Neiman Marcus: Up to 1.1M affected by hack

As many as 1.1 million people might have had their credit or debit card data stolen during a data breach at Neiman Marcus last year.

The upscale retailer disclosed details about the hack on Thursday, weeks after a forensics firm first discovered evidence on Jan. 1.

“We deeply regret and are very sorry that some of our customers' payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information,” Neiman Marcus CEO Karen Katz said on the company’s website.

Hackers broke into the store’s computers and installed malicious software on its system, Katz said. The software then took customers’ card data from July 16 to Oct. 30.

People who shopped at the store online do not seem to be affected by the hack, she noted. 

Of the approximately 1.1 million cards were exposed, about 2,400 have since been used fraudulently. according to major credit cards companies.

The number of people affected by the hack is significantly smaller than were exposed during a more recent data breach at Target. In November and October, as many as 110 million people had their card data, names, email addresses or other personal information stolen from the Minneapolis-based retailer.

The twin data breaches have raised alarms in Congress. Lawmakers said the hacks highlight the need for a new law requiring retailers to safeguard their customers’ data and notify them in the case of a breach.

“This incident shows how innovative, malicious software with self-concealing, camouflaging features is difficult to successfully and rapidly investigate or stop,” Sen. Richard Blumenthal (D-Conn.) said in a statement.

“All retailers have an obligation to enhance protections against cyberattacks with better cyber firewalls and fortress-like defenses. Consumers deserve and need these protections.”  

Next month, Target’s chief financial officer, John Mulligan, will testify before the Senate Judiciary Committee about cyberattacks, along with officials from the Federal Trade Commission, Justice Department, the Secret Service and the consumer advocacy group Consumers Union.

Neiman Marcus is notifying all customers that shopped at the store last year and offering a free year of credit monitoring and identity theft protection. 

More in Cybersecurity

Dem: USIS data breach affected more than 27K

Read more »