07 October 2015

Neiman Marcus says 1.1 million cards compromised; Michaels Stores latest to report breach

27 January 2014  |  4728 views  |  0 Credit card

Luxury retailer Neiman Marcus says that up to 1.1 million customer payment cards were compromised in the recent data breach that hit its instore POS terminals over a four-month period from July to October 2013.

In a letter to customers posted on the Neiman Marcus Website, CEO Karen Katz confirms that malware installed on its systems actively attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013.

She says that card schemes Visa, MasterCard and Discover have notified the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.

The scope of the attack is far more limited than a similar breach at Target, which afflicted more than 100 million customers. While no direct connection between the incidents has been established, the similarities are striking, with malicious malware identified as the culprit.

The Target data breach was allegedly carried out using off-the-shelf malware authored by a 17-year old Russian

Last week, Texas police arrested two Mexican citizens accused of using card data stolen in the Target data breach to buy tens of thousands of dollars' worth of goods.

Since then, speciality arts and craft retailer Michaels Stores has also come forward to report fraudulent activity on cards used at its outlets. The company says it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts.

"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," says Chuck Rubin, CEO. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorised charges."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

21 January, 2014
20 January, 2014
16 January, 2014
14 January, 2014
13 January, 2014
10 January, 2014
19 December, 2013
Your browser is unable to support Flash files.

Top topics

Most viewed Most shared
Shaping the Future of Banking: an event fo...
10431 views comments | 4 tweets | 2 linkedin
BNP Paribas to pilot cards with dynamic CV...
6828 views comments | 32 tweets | 37 linkedin
Worldpay trials facial recognition technol...
6586 views comments | 24 tweets | 39 linkedin
Payments firm Adyen scores funding at $2.3...
5103 views comments | 16 tweets | 14 linkedin
Faster Payments eases access for challenge...
4483 views comments | 20 tweets | 25 linkedin

Featured job

up to £95K base, £190K OTE, benefits
London, UK

Find your next job