WASHINGTON — Neiman Marcus executives on Tuesday defended their actions following a data breach at the luxury retailer that impacted 1.1 million of its customers.
In testimony before the Senate Judiciary Committee, Michael R. Kingston, senior vice president and chief information officer at Neiman Marcus Group Ltd. LLC, said the company did not learn it had a “problem” with its computer system until Jan. 2, which was followed by a forensics investigation and disabling the malware.
Kingston said Neiman’s merchant processor informed it on Dec. 13 that Visa had “an unknown number of fraudulently reported credit cards with a possible common point of purchase at a small number of Neiman Marcus stores.” While Neiman’s pressed for more information, the merchant processor did not respond until four days later, when it said 122 MasterCards were fraudulently used. Kingston said that because of the malware’s sophisticated antidetection devices, the retailer did not learn from its forensic investigators that it had an “actual problem” with malware in its system until Jan. 2. It notified customers eight days later.
Kingston said current evidence in the ongoing forensic investigation has revealed that the potential customer payment card account information that was compromised by the malware came from transactions at 77 of its 85 stores between July and October. He said there is no indication that transactions on its Web sites or restaurants were compromised and that no PIN numbers were stolen because Neiman Marcus does not use PIN pads at its stores.
“The policies of payment card brands protect our customers from any liability for any unauthorized charges if the fraudulent charges are reported in a timely manner,” Kingston said in his testimony. “Nonetheless, we have now offered to any customer who shopped with us in the last year at either Neiman Marcus Group stores or Web sites — whether their card was exposed to the malware or not — one year of free credit monitoring and identity-theft insurance,” Kingston said. RELATED STORY: Washington Steps Up Data Security Focus >>
Senators grilled Target Corp. and Neiman’s executives on the data security breaches that have affected millions of consumers, probing the industry’s preparedness to prevent future attacks and legislation to establish national standards and breach notification.
Prior to the hearing, Sens. Richard Blumenthal (D., Conn.) and Ed Markey (D., Mass.) introduced legislation to help protect consumers’ personal and financial information from hackers.
Senate Judiciary Committee Chairman Patrick Leahy (D., Vt.), who has tried to advance his own data privacy legislation for years and held the hearing, said he is “alarmed by the recent data breaches at Target and Neiman Marcus and Michaels Stores.”
“The investigations into those cyber attacks are ongoing. Yet, it is already clear that these attacks have compromised the privacy and security of millions of American consumers, potentially putting one in three Americans at risk of identity theft and other cyber crimes,” Leahy said. “Public confidence is crucial to our economy. If consumers lose faith in business’ ability to protect their personal information, our economic recovery will falter.”
Target reported a breach in December that the retailer initially said affected 40 million consumers who purchased goods in stores and potentially had their debit and credit card information stolen. The retailer later said another 70 million consumers may have had personal data such as their names, addresses, e-mail addresses and phone numbers stolen.
John J. Mulligan, executive vice president and chief financial officer at Target, outlined in his testimony the timeline (from Dec. 12 to Dec. 19) and steps Target took to identify and neutralize the malware that was used in the data security breach and to the first notification to its customers.
“From the outset, our response to the breach has been focused on supporting our guests and strengthening our security,” Mulligan told the senators.
“The unfortunate reality is that we suffered a breach, and all businesses — and their customers — are facing increasingly sophisticated threats from cyber criminals,” Mulligan said
Mulligan said Target now plans to take several steps to tighten its security of consumer data, including “accelerating” its investment in chip technology for Target REDcards and stores’ point of sale terminals. “We believe that chip-enabled technologies are critical to providing enhanced protection for consumers,” Mulligan said.
He also noted that Target is investing $5 million in a campaign with the Better Business Bureau, the National Cyber Security Alliance and the National Cyber-Forensics & Training Alliance to raise public awareness about cyber security and the dangers of consumer scams.
Target has not seen any fraud on its proprietary debit and credit cards due to the breach and only a “low amount” of fraud on its Target Visa card, Mulligan said.
Sen. Dianne Feinstein (D., Calif.) said she has consistently met resistance from the business community on breach notification legislation establishing a time frame for companies to notify consumers about data security breaches.
“I believe that if somebody has an account or uses credit at your institution and their data is breached, they should be notified so they can protect themselves,” Feinstein said.
“We agree with that completely,” Target’s Mulligan said. “Our focus has been on having accurate national information balanced with providing that notice as quickly as possible.…We felt that given the scope and breadth [of the breach] that public dissemination was appropriate to let all of our guests know virtually immediately. It was on the front pages of newspapers [around the country],” Mulligan said.
But Feinstein challenged Mulligan, arguing that customers should be notified directly and individually.
As for Neiman’s, Kingston said, “Once we knew that we had criminal activity inside our systems and who the impact was, we reached out individually to our customers and in fact reached out to more customers [all customers who shopped in Neiman Marcus stores for the entire year] just to be cautious, because it is important to us that our customer understands this is our primary concern.”
Senators also pressed the retailers and other experts on the panel about implementing a more secure payment card system similar to one in Europe that embeds smart chips in payment cards and requires a separate PIN number to use.
“We have been proposing ‘Chip and Pin’ for a very long time,” Mulligan said. We are in the process of rolling it out to our stores…300 stores already have guest payment devices, and we are accelerating the $100 million investment to get those in our stores by the fourth quarter of this year, and then products we offer will have chips in them early next year.”
Kingston said Neiman Marcus does not currently use PIN pads in its stores but is willing to consider “anything that makes this process and consumer information safer, including Chip and Pin.”
“As a practical matter, it is important for the committee to understand that while the industry will be safer with that, there is a lot of work to do to make that happen,” Kingston said.
“What he has done at Vuitton is really exceptional,” said @gameofthrones’ actress Gwendoline Christie on @mrkimjones’ final show for @louisvuitton. “He has rebooted luxury in terms of making it commercial, viable and contemporary. And most importantly artistic. He has never compromised his artistic vision for the sake of commodity.” (📷: @zefashioninsider)
After seeing a demand for men’s wear from its customers, British contemporary women’s wear label @ariesarise has added a men’s wear component and will launch a unisex collection with @mrporterlive. The 20-piece collection includes jackets, denim, logo T-shirts and more with deconstructed ‘90s vibes. Set to launch on January 18, you can shop the pieces on Aries’ website and on mrporter.com. #wwdfashion
“And so spending so much time with a character who thinks like that, inevitability you try and analyze yourself and go back and think about your own demons and dark chapters that you had in your life,” says @thedanielbruhl of his role in TNT’s “The Alienist.” The show, set in the Gilded Age of New York, also stars Dakota Fanning and Luke Evans. Head to WWD.com to read about how 39-year-old Brühl prepared for the role and why he thinks the show is so relevant to today #wwdeye ( 📷: @Eriktanner)
Now that Celine Dion’s collection has topped $10 million in sales, the pop superstar, fashion icon and newly-minted industry player is eyeing growth in Asia. Read the full report by @tiffanyap, link in bio. #wwdnews #celinedion
“My personal philosophy to beauty is paying attention to oneself. I love to be outdoors, lots of fresh air, trying to take care of yourself as best you can. I always notice that comes through,” says Felicity Jones, the global face of @shiseido-owned @cledepeaubeauteus, which launches today. Head to WWD.com to read more about the actress’ love for beauty and how she prepared for her new role in “The Basis of Sex,” playing the young Ruth Bader Ginsburg. #wwdbeauty (📷: @dandoperalski)
Among the familiar faces at @off____white’s show was a surprise figure: Japanese artist @takashipom, pictured here on Wednesday morning. Other show-goers included @jerrylorenzo, who spoke about his upcoming project: a @nike collaboration for back to school, with designs inspired by his childhood on the West Coast. Sitting in the front row were Future, Don Crawley, @miguel and more. See the rest of the photos on WWD.com #wwdeye (📷: Stephane Feugere)
According to @laurentsai, former “Terrace House: Aloha State” cast member, she didn’t know she was auditioning for the Japanese version of “Real World.” “I was telling a couple of my friends and someone’s like, ‘That sounds a lot like Terrace House.’ I was like, ’No it can’t be.’” Turns out, it was. But Tsai isn’t just a reality star — she’s an illustrator who has worked with Starbucks Japan and most recently, she’s dipping her toes into the fashion world. Head to WWD.com to read about her time on the show, modeling and her art. #wwdeye (📷: @danieldorsa)
More changes are coming to New York Fashion Week: Beginning with the spring 2019 collection, @alexanderwangny will move his New York show to June from September, adopting a biannual schedule with collections shown in June and December. Additionally, the @cfda is planning for an official summer/winter fashion season taking place as soon as June and December 2018. Read more about the upcoming changes on WWD.com. #wwdnews #wwdfashion (📷: @slovekinpics)