25 November 2015

Neiman Marcus says 1.1 million cards compromised; Michaels Stores latest to report breach

27 January 2014  |  4810 views  |  0 Credit card

Luxury retailer Neiman Marcus says that up to 1.1 million customer payment cards were compromised in the recent data breach that hit its instore POS terminals over a four-month period from July to October 2013.

In a letter to customers posted on the Neiman Marcus Website, CEO Karen Katz confirms that malware installed on its systems actively attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013.

She says that card schemes Visa, MasterCard and Discover have notified the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.

The scope of the attack is far more limited than a similar breach at Target, which afflicted more than 100 million customers. While no direct connection between the incidents has been established, the similarities are striking, with malicious malware identified as the culprit.

The Target data breach was allegedly carried out using off-the-shelf malware authored by a 17-year old Russian

Last week, Texas police arrested two Mexican citizens accused of using card data stolen in the Target data breach to buy tens of thousands of dollars' worth of goods.

Since then, speciality arts and craft retailer Michaels Stores has also come forward to report fraudulent activity on cards used at its outlets. The company says it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts.

"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," says Chuck Rubin, CEO. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorised charges."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

21 January, 2014
20 January, 2014
16 January, 2014
14 January, 2014
13 January, 2014
10 January, 2014
19 December, 2013

Your browser is unable to support Flash files.

Top topics

Most viewed Most shared
MIT to run fintech degree course
8978 views comments | 35 tweets | 14 linkedin
Coinbase issues Bitcoin debit card
7995 views comments | 16 tweets | 21 linkedin
UK banks hardest hit by non-bank money tra...
7840 views comments | 27 tweets | 30 linkedin
Apple Pay users given a free ride in Londo...
7835 views comments | 21 tweets | 29 linkedin
BBVA buys 29.5% stake in Atom for £45...
6809 views comments | 33 tweets | 40 linkedin

Featured job

Competitive Package
New York City, NY. USA

Find your next job