Neiman Marcus said Thursday that 1.1 million payment cards may have been impacted by the data security breach the retailer disclosed on Jan. 10.
At the time, the luxury chain said it didn’t know how many customers had credit and personal information stolen.
In an open letter to customers on Thursday, Karen Katz, Neiman’s president and chief executive officer, said the ongoing forensic and criminal investigations have determined that malware was installed on the retailer’s system between July 16 and Oct. 20, when the malware actively tried to collect payment card data from 1.1 million cards.
Visa, MasterCard and Discover have told Neiman’s that about 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were used fraudulently. Neiman’s said its proprietary credit card and the Bergdorf Goodman card have not seen any fraudulent activity. In addition, Neiman’s said social security numbers and birth dates weren’t compromised, and online transactions don’t appear to have been impacted.
PINs were never at risk because Neiman’s doesn’t use PIN pads in its stores.
Neiman’s said it’s notifying all customers for whom it has contact information and who shopped at stores between January 2013 and January 2014 of the situation. It’s offering one free year of credit monitoring and identity-theft protection to concerned customers.
Neiman’s is taking several steps to contain the situation, including reviewing its intrusion detection systems and firewalls, reinforcing security tools, reviewing and hardening systems, modifying software and security credentials and searching for and disabling all malware discovered in the course of the investigation.
The scope of the attack on Neiman’s is much smaller than the data security breach at Target, where an initial 40 million shoppers in U.S. stores potentially had credit or debit card information stolen. Target later learned that another 70 million consumers may have had their names, addresses, e-mail addresses and/or phone numbers taken.
Target said Thursday that executive vice president and chief financial officer John Mulligan will testify on Feb. 4 about the data attack before the U.S. Senate Judiciary Committee at a hearing, “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime.” Sen. Patrick Leahy (D., Vt.) chairs the committee and has written data security legislation that is under consideration. Mulligan oversees Target’s financial portfolio, including its finance and retail services. RELATED STORY: NRF Letter Calls for Financial Industry Support >>
In a separate action, a group of House Democrats is seeking information from Target chairman, president and ceo Gregg Steinhafel as the House Energy and Commerce Committee prepares to hold its own hearing into the security breach during the week of Feb. 3.
Reps. Henry Waxman (D., Calif.), Jan Schakowsky (D., Ill.) and Diana DeGette (D., Colo.) asked Steinhafel for all of Target’s written policies or guidelines related to threat monitoring, network security or point-of-sale protection and documents listing how much Target has spent on network security systems and personnel, among other things.
“Questions remain about how exactly this attack was carried out, who was responsible, whether it could have been prevented, how Target responded, and how retailers and customers can protect themselves going forward,” the letter said.
A Target spokeswoman said she had no information on the letter or the second hearing.
Also on Thursday, at the U.S. Conference of Mayors, Bill Simon, ceo and president of Wal-Mart U.S., was asked what defense against data breaches the world’s largest retailer has in place. “Very clearly, we are concerned,” Simon said. “At Wal-Mart we are fortunate not to have had any of the major issues today, but it’s a constant threat and something we are constantly vigilant against. We are known for our IT systems and we work very hard to protect our data. It is something not only retailers are having to deal with but anybody in the public domain that handles information is subject to the threat.”
He pointed to efforts by the National Retail Federation and Retail Industry Leaders Association to address the problem in recent days.
In his new book “Hollywood Royale,” Andy Warhol’s Protégé Matthew Rolston celebrates the Eighties revival of Hollywood glamour. Featuring more than 100 portraits taken by Rolston from 1977 to 1993, the book contains photos of icons like Michael Jackson, Cyndi Lauper, and @drewbarrymore, pictured here in 1991. “Hollywood Royale,” out today, will be accompanied by an exhibition opening at Los Angeles’ Fahey/Klein Gallery on March 1. #wwdeye
"Nowadays when life is not so happy with everything going on in the world, I think people come to me for a little bit of whimsy and color and fun." - Designer Rebecca De Ravenel on her cult-favorite jewelry line. (📸 : @vsteves) #wwd40
“Everyone is talking about how the retail industry is struggling, but I think it’s an incredible time because brands who are doing something different and innovative are setting themselves up for the future,” said @adamgoldston, who founded the luxury athletic brand @apl with his brother @ryangoldsten. The Goldston’s are part of WWD’s 40 under 40: a group of industry notables. See the rest of the list on WWD.com. (📷: @vsteves) #wwd40
@eyeswoon blogger Athena Calderone debuted her first-ever cookbook, “Cook Beautiful,” which is heavily centered on the presentation and visual expression of food. Pictured here are her miso glazed carrots from the book. Get the recipe on WWD.com. (📷: @johnny_miller_) #wwdeye
“It’s passion that helps get anybody to a certain point and it’s what’s propelled me,” said Kith founder @ronniefieg, one of WWD’s 40 under 40: a group of industry notables who are changing the face of retail, fashion and beauty. Fieg, who opened a Manhattan flagship on October 7, began his career at age 13 as a stock boy and salesman for footwear chain David Z. “I think staying true to [my] beliefs, hard work and passion have gotten me to where [Kith] is today.” See the rest of the 40 at WWD.com. (📷: @vsteves) #wwd40
25-year-old @samweaving is about to break out this fall, starring in Netflix’s horror film “The Babysitter,” fittingly out today on Friday the 13th. That’s not the only place you’ll be seeing her, though — Weaving’s got a role Showtime’s “SMILF” and another alongside Frances McDormand and Woody Harrelson in “Three Billboards Outside Ebbing, Missouri.” Though she’s got a full plate at the moment, there’s one role she’s got her eye on: Marilyn Monroe. “I’m a little too young at the moment, but it’s on my bucket list,” the actress told WWD (📷: @dandoperalski) #wwdeye
BFF's Poppy Jamie and Suki Waterhouse celebrated the launch of their bag line Pop x Suki at Nordstrom last night. "The line is really about our friendship, and how we are so different but complement each other," said Waterhouse. 👯 (📷: Katie Jones) #wwdeye
After designing the new @louisvuitton and @bulgariofficial flagships and a @chanelofficial boutique opening in Japan, @petermarinoarchitect has another project on his plate: The Lobster Club. Located in the Seagram Building, it’s the famed architect’s first restaurant project in New York, serving up modern Japanese brasserie-style cuisine. Bronze hues, bespoke material detailing, blush and chartreuse tones and a heavy emphasis on Picasso can be seen throughout. Mark your calendars for Nov. 1 for the much-anticipated opening. (📷: @clint_spaulding) #wwdeye
Did you know: @carlychaikin of "Mr. Robot" has been painting for about a decade? The actress, who plays Darlene on the show, is a self-taught artist who lists Salvador Dalí and Chuck Close as some of her idols. Chaikin told WWD that painting is a form of meditation for her — A much-needed one given the intensity of "Mr. Robot." See a piece Chaikin is working on at WWD.com (📷: @jilliansollazzo) #wwdeye