Neiman Marcus said Thursday that 1.1 million payment cards may have been impacted by the data security breach the retailer disclosed on Jan. 10.
At the time, the luxury chain said it didn’t know how many customers had credit and personal information stolen.
In an open letter to customers on Thursday, Karen Katz, Neiman’s president and chief executive officer, said the ongoing forensic and criminal investigations have determined that malware was installed on the retailer’s system between July 16 and Oct. 20, when the malware actively tried to collect payment card data from 1.1 million cards.
Visa, MasterCard and Discover have told Neiman’s that about 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were used fraudulently. Neiman’s said its proprietary credit card and the Bergdorf Goodman card have not seen any fraudulent activity. In addition, Neiman’s said social security numbers and birth dates weren’t compromised, and online transactions don’t appear to have been impacted.
PINs were never at risk because Neiman’s doesn’t use PIN pads in its stores.
Neiman’s said it’s notifying all customers for whom it has contact information and who shopped at stores between January 2013 and January 2014 of the situation. It’s offering one free year of credit monitoring and identity-theft protection to concerned customers.
Neiman’s is taking several steps to contain the situation, including reviewing its intrusion detection systems and firewalls, reinforcing security tools, reviewing and hardening systems, modifying software and security credentials and searching for and disabling all malware discovered in the course of the investigation.
The scope of the attack on Neiman’s is much smaller than the data security breach at Target, where an initial 40 million shoppers in U.S. stores potentially had credit or debit card information stolen. Target later learned that another 70 million consumers may have had their names, addresses, e-mail addresses and/or phone numbers taken.
Target said Thursday that executive vice president and chief financial officer John Mulligan will testify on Feb. 4 about the data attack before the U.S. Senate Judiciary Committee at a hearing, “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime.” Sen. Patrick Leahy (D., Vt.) chairs the committee and has written data security legislation that is under consideration. Mulligan oversees Target’s financial portfolio, including its finance and retail services. RELATED STORY: NRF Letter Calls for Financial Industry Support >>
In a separate action, a group of House Democrats is seeking information from Target chairman, president and ceo Gregg Steinhafel as the House Energy and Commerce Committee prepares to hold its own hearing into the security breach during the week of Feb. 3.
Reps. Henry Waxman (D., Calif.), Jan Schakowsky (D., Ill.) and Diana DeGette (D., Colo.) asked Steinhafel for all of Target’s written policies or guidelines related to threat monitoring, network security or point-of-sale protection and documents listing how much Target has spent on network security systems and personnel, among other things.
“Questions remain about how exactly this attack was carried out, who was responsible, whether it could have been prevented, how Target responded, and how retailers and customers can protect themselves going forward,” the letter said.
A Target spokeswoman said she had no information on the letter or the second hearing.
Also on Thursday, at the U.S. Conference of Mayors, Bill Simon, ceo and president of Wal-Mart U.S., was asked what defense against data breaches the world’s largest retailer has in place. “Very clearly, we are concerned,” Simon said. “At Wal-Mart we are fortunate not to have had any of the major issues today, but it’s a constant threat and something we are constantly vigilant against. We are known for our IT systems and we work very hard to protect our data. It is something not only retailers are having to deal with but anybody in the public domain that handles information is subject to the threat.”
He pointed to efforts by the National Retail Federation and Retail Industry Leaders Association to address the problem in recent days.
@tradesy is turning the concept of a showroom upside down with its new space in Santa Monica. Here, the company plans to hold events, art exhibits and a showcase rare fashion pieces like this Louis Vuitton boxing set. Get all the details on Tradesy’s first showroom on WWD.com. #wwdnews
Spotted last night at the @erdem x @hm launch event: Kate Bosworth, Rashida Jones, Kirsten Dunst and Selma Blair. The party, which took place in LA, also marked the opening of their pop-up shop. “I was interested in creating a collection that wasn’t in any way disposable. It was about pieces you’d create and keep forever, things that have a permanence to it,” designer Erdem Moralioglu said. #wwdeye (📷: Katie Jones)
Renee Zellweger in yellow in 2001 and again in 2017. Chosen as one of the 12 @pantone Leading Spring Colors (and dubbed “Meadowlark”), it only makes sense that the bright hue stands the test of time and is making a resurgence this season, seen already on stars like @blakelively and @gigihadid. (📷: Donato Sardello & @rexfeatures) #wwdfashion #tbt
Dior’s 70th anniversary celebration continues with a new exhibition at the Royal Ontario Museum in Toronto. “Christian Dior,” which is scheduled to run through March 18, takes a look at the founders tenure from 1947 to 1057 and feature 40 designs. Pictured here is an evening gown from the Ailée, fall 1948-49 haute couture collection. #wwdfashion (📷: Brian Boyle)
As one of the most recognizable models in the world, Christy Turlington Burns has an insider’s view of the fashion industry and the allegations of sexual harassment swirling around it. “I can say that harassment and mistreatment have always been widely known and tolerated in the industry. The industry is surrounded by predators who thrive on the constant rejection and loneliness so many of us have experiences at some point in our careers,” Turlington told WWD, along with her suggestions for how the modeling world should protect younger women and men. Read more on WWD.com. Link in bio. (📷: Tony Palmieri) #wwdnews
@asics America has tapped a new brand ambassador: famed DJ/record producer @steveaoki. This initiative is intended to set the tone for the new brand identity and philosophy and will include partnerships with influencers and in-store and off-line activations that will continue into next year. This is Asics’ most significant marketing effort in two decades, and is expected to attract younger consumers to the brand. #wwdfashion
24-year-old Jean Prounis is redefining the rules of jewelry. Formerly a studio assistant to Jemima Kirke and a design apprentice at Ghuran, she focuses on handcrafted subtleties and ancient goldsmithing techniques. “There was a really sterile feel in the environment and I wanted to have jewelry with character that shapes how you wear it everyday,” Prounis said. Each piece is hand made in New York, either by Prounis or three other jewelers in the district. #wwdfashion
“These collections continue to build on that vision, empowering differently abled adults to express themselves through fashion,” said @tommyhilfiger of his line of adaptive apparel, which launches today. The line consists of 37 men’s and 34 women’s styles based upon the pieces from the spring Tommy Hilfiger sportswear collection. #wwdnews