WWD.com/globe-news/department-stores/neiman-marcus-issues-apology-for-data-breach-7371108/
government-trade
government-trade

Neiman Marcus Issues Apology for Data Breach

The luxury retailer has not said how many customers had credit and personal information stolen.

Neiman Marcus on Thursday posted on its Web site its first open letter to shoppers, saying it’s taking steps to contain the credit card and debit card security breach and enhance information security.

Reports that Neiman Marcus had been hit by a credit card breach surfaced on Jan. 10. The luxury retailer has not said how many customers had credit and personal information stolen. “We are not releasing a number until we know we have an accurate number,” a spokeswoman said.

“We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores,” read Thursday’s letter, which was signed by Karen Katz, president and chief executive officer of Neiman Marcus Group Ltd. LLC. “We have taken steps to notify those affected customers for whom we have contact information.” Customers who shopped online do not appear to have been impacted by the criminal cyber-security intrusion. Katz said, “Your PIN was never at risk because we do not use PIN pads in our stores.”

RELATED STORY: Congressional Scrutiny of Target Data Breach Widens >>

Neiman’s disclosure on Jan. 10 came on the same day that Target Corp., which was the victim of an earlier security breach, upped the estimate of how many customers potentially had credit card and/or personal information stolen. The Minneapolis-based retailer initially said that 40 million customers could have potentially had credit or debit card information stolen. It subsequently learned that another 70 million consumers may have had their names, mailing addresses, phone numbers and e-mail addresses stolen.

Target, which on Dec. 19 said that credit or debit card information of customers who shopped in its U.S. stores between Black Friday and Dec. 15 may have been stolen, has been in front of the issue since the beginning, communicating with potentially impacted shoppers via e-mail and its Web site. Gregg Steinhafel, chairman, president and ceo, addressed the subject in national TV news interviews, and the company took out ads last week in The New York Times, Washington Post, Wall Street Journal and USA Today, as well as local papers in the top 50 markets.

Like Target, Neiman’s offers customers who made a payment card purchase in the past year a free credit monitoring service for one year “for an added layer of protection.” Sign-up instructions for the service will be provided on the Neiman’s Web site by Jan. 24, the letter said.

In other news, according to U.S. Rep. Lee Terry (R., Neb.), Target on Thursday agreed to testify before Congress in early February about the data breach. Terry chairs the commerce, manufacturing and trade subcommittee of the House Committee on Energy and Commerce and said his panel will hold a hearing on data breaches and their effect on customers. The subcommittee said it expects to hear from law enforcement officials and one or more representatives of Target. “As it relates to the hearing, we are continuing to work with elected officials to keep them informed and updated as our investigation continues,” a Target spokeswoman said.

According to published reports, the Department of Homeland Security on Thursday released to retailers an analysis of advanced malicious software in a report called “Indicators for Network Defenders.” The U.S. Secret Service could not be reached for comment.