Neiman Marcus said Thursday that 1.1 million payment cards may have been impacted by the data security breach the retailer disclosed on Jan. 10.
At the time, the luxury chain said it didn’t know how many customers had credit and personal information stolen.
In an open letter to customers on Thursday, Karen Katz, Neiman’s president and chief executive officer, said the ongoing forensic and criminal investigations have determined that malware was installed on the retailer’s system between July 16 and Oct. 20, when the malware actively tried to collect payment card data from 1.1 million cards.
Visa, MasterCard and Discover have told Neiman’s that about 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were used fraudulently. Neiman’s said its proprietary credit card and the Bergdorf Goodman card have not seen any fraudulent activity. In addition, Neiman’s said social security numbers and birth dates weren’t compromised, and online transactions don’t appear to have been impacted.
PINs were never at risk because Neiman’s doesn’t use PIN pads in its stores.
Neiman’s said it’s notifying all customers for whom it has contact information and who shopped at stores between January 2013 and January 2014 of the situation. It’s offering one free year of credit monitoring and identity-theft protection to concerned customers.
Neiman’s is taking several steps to contain the situation, including reviewing its intrusion detection systems and firewalls, reinforcing security tools, reviewing and hardening systems, modifying software and security credentials and searching for and disabling all malware discovered in the course of the investigation.
The scope of the attack on Neiman’s is much smaller than the data security breach at Target, where an initial 40 million shoppers in U.S. stores potentially had credit or debit card information stolen. Target later learned that another 70 million consumers may have had their names, addresses, e-mail addresses and/or phone numbers taken.
Target said Thursday that executive vice president and chief financial officer John Mulligan will testify on Feb. 4 about the data attack before the U.S. Senate Judiciary Committee at a hearing, “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime.” Sen. Patrick Leahy (D., Vt.) chairs the committee and has written data security legislation that is under consideration. Mulligan oversees Target’s financial portfolio, including its finance and retail services. RELATED STORY: NRF Letter Calls for Financial Industry Support >>
In a separate action, a group of House Democrats is seeking information from Target chairman, president and ceo Gregg Steinhafel as the House Energy and Commerce Committee prepares to hold its own hearing into the security breach during the week of Feb. 3.
Reps. Henry Waxman (D., Calif.), Jan Schakowsky (D., Ill.) and Diana DeGette (D., Colo.) asked Steinhafel for all of Target’s written policies or guidelines related to threat monitoring, network security or point-of-sale protection and documents listing how much Target has spent on network security systems and personnel, among other things.
“Questions remain about how exactly this attack was carried out, who was responsible, whether it could have been prevented, how Target responded, and how retailers and customers can protect themselves going forward,” the letter said.
A Target spokeswoman said she had no information on the letter or the second hearing.
Also on Thursday, at the U.S. Conference of Mayors, Bill Simon, ceo and president of Wal-Mart U.S., was asked what defense against data breaches the world’s largest retailer has in place. “Very clearly, we are concerned,” Simon said. “At Wal-Mart we are fortunate not to have had any of the major issues today, but it’s a constant threat and something we are constantly vigilant against. We are known for our IT systems and we work very hard to protect our data. It is something not only retailers are having to deal with but anybody in the public domain that handles information is subject to the threat.”
He pointed to efforts by the National Retail Federation and Retail Industry Leaders Association to address the problem in recent days.
EXCLUSIVE: @tomford is opening its first-ever beauty store. The boutique, which opens November 20 in London’s Covent Gardens, was designed with the over-the-top glam Ford is known for. Read the full story on WWD.com, link in bio. #wwdbeauty #wwdnews (📷: Simon Wagner) #TomFordBeauty
New York-based DJ @harleyvnewton threw a party to celebrate the holiday collection of her dress and pajama line @hvn at the Ladurée Beverly Hills. It Girls @katebosworth, @rashidajones and more joined in on the fun, which included cocktails, croque monsieur sandwiches and a photo booth. #wwdfashion (📷: Owen Kolasinski/BFA.com)
For the holidays, @Burberry partnered with 20-year-old artist @blondeymccoy on a series of three outdoor murals in downtown Manhattan. The murals are McCoy’s interpretation of a Christmas eve party, the idea of charity and the spirit of family. His third mural, pictured here, is the most personal. The image depicts McCoy’s grandparents and father in London’s Trafalgar Square in the Seventies. “My work often features lots of sentimental objects.” #wwdeye
For spring 2018, designers applied bold colors and cartoonish motifs on everything from sneakers and belts to key chains. See all the top men’s accessories trends on WWD.com. #wwdtrends (📷: George Chinsee; Prop Styling by @rnasti; Market Editor: @luiscampuzano)
The @dior-sponsored @guggenheim international gala pre-party has a history of drawing cool-girl musical acts to serenade the crowd –– and last night was no exception. @haimtheband performed songs both new and old, and lured a star-studded audience with the likes of Rebecca Hall, Kate Mara, Mamoudou Athie and more. #wwdeye (📷: @lexieblacklock)
In a partnership between the @metopera and the @englishnationalopera, “Marnie” was born. The opera, with costumes sponsored by @mrporterlive, is an adaptation of the 1961 thriller by Winston Graham. Arianne Phillips, who created the costumes, is no rookie: She’s styled Madonna for her tours and created costumes for a myriad of films in the past. Read WWD’s interview with Phillips, where she talks about her inspiration for the opera’s costumes on WWD.com #wwdfashion
@barneysnyc took a different approach to their holiday windows this year. Instead of Christmas decor, Barneys tapped @thehaasbrothers to tell a story of positivity, gratitude and inclusivity via heartwarming silliness and humor. “It’s about kids and it’s about coming together and being family and loving each other,” said Simon Haas. #wwdfashion (📷: @joshuascottphoto)
Beauty influencer @kandeejohnson makes her foray into hair care with a collaboration with @ogx_beauty — making it the first time that OGX has teamed up for a product creation. The collab includes shampoos and conditioners in three scents. At 39 and a mom, Johnson is a different profile than the emerging social media stars, but is considered one of the pioneers of the digital beauty influencer world. Read WWD’s interview with her on wwd.com, including the strangest beauty product she’s ever tried #wwdbeauty