05 September 2015

Neiman Marcus says 1.1 million cards compromised; Michaels Stores latest to report breach

27 January 2014  |  4650 views  |  0 Credit card

Luxury retailer Neiman Marcus says that up to 1.1 million customer payment cards were compromised in the recent data breach that hit its instore POS terminals over a four-month period from July to October 2013.

In a letter to customers posted on the Neiman Marcus Website, CEO Karen Katz confirms that malware installed on its systems actively attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013.

She says that card schemes Visa, MasterCard and Discover have notified the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.

The scope of the attack is far more limited than a similar breach at Target, which afflicted more than 100 million customers. While no direct connection between the incidents has been established, the similarities are striking, with malicious malware identified as the culprit.

The Target data breach was allegedly carried out using off-the-shelf malware authored by a 17-year old Russian

Last week, Texas police arrested two Mexican citizens accused of using card data stolen in the Target data breach to buy tens of thousands of dollars' worth of goods.

Since then, speciality arts and craft retailer Michaels Stores has also come forward to report fraudulent activity on cards used at its outlets. The company says it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts.

"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," says Chuck Rubin, CEO. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorised charges."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

21 January, 2014
20 January, 2014
16 January, 2014
14 January, 2014
13 January, 2014
10 January, 2014
19 December, 2013
Your browser is unable to support Flash files.

Who is commenting?

Finextra Member Commented on: HSBC to rebrand Britsh...
Finextra Member Commented on: Zapp to use behavioura...

Top topics

Most viewed Most shared
Third of Brits expect day-to-day mobile pa...
8539 views comments | 40 tweets | 15 linkedin
UK boosts contactless limit to £30
5838 views comments | 31 tweets | 20 linkedin
PayPal rolls out personalised URLs for P2P...
5832 views comments | 34 tweets | 19 linkedin
Behold the contactless jacket
5637 views comments | 23 tweets | 18 linkedin
MasterCard extends startup search globally
5292 views comments | 14 tweets | 5 linkedin

Featured job

up to £95K base, £190K OTE, benefits
London, UK

Find your next job