14 February 2016

Neiman Marcus says 1.1 million cards compromised; Michaels Stores latest to report breach

27 January 2014  |  4989 views  |  0 Credit card

Luxury retailer Neiman Marcus says that up to 1.1 million customer payment cards were compromised in the recent data breach that hit its instore POS terminals over a four-month period from July to October 2013.

In a letter to customers posted on the Neiman Marcus Website, CEO Karen Katz confirms that malware installed on its systems actively attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013.

She says that card schemes Visa, MasterCard and Discover have notified the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.

The scope of the attack is far more limited than a similar breach at Target, which afflicted more than 100 million customers. While no direct connection between the incidents has been established, the similarities are striking, with malicious malware identified as the culprit.

The Target data breach was allegedly carried out using off-the-shelf malware authored by a 17-year old Russian

Last week, Texas police arrested two Mexican citizens accused of using card data stolen in the Target data breach to buy tens of thousands of dollars' worth of goods.

Since then, speciality arts and craft retailer Michaels Stores has also come forward to report fraudulent activity on cards used at its outlets. The company says it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts.

"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," says Chuck Rubin, CEO. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorised charges."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

21 January, 2014
20 January, 2014
16 January, 2014
14 January, 2014
13 January, 2014
10 January, 2014
19 December, 2013

Top topics

Most viewed Most shared
UK sets out open banking API frameworkUK sets out open banking API framework
16585 views comments | 107 tweets | 91 linkedin
Deutsche Bank calls for co-operation with fintech firms on B2B servicesDeutsche Bank calls for co-operation with...
9219 views comments | 30 tweets | 30 linkedin
How to accelerate your fintech startupHow to accelerate your fintech startup
8971 views comments | 35 tweets | 10 linkedin
Is Paym a failure?Is Paym a failure?
7310 views 16 comments | 23 tweets | 16 linkedin
Visa issues API to offer consumer control over card transactionsVisa issues API to offer consumer control...
6664 views comments | 17 tweets | 28 linkedin

Featured job

to $120K base, double OTE, benefits
New York City, NY or Boston, MA (USA)

Find your next job