Neiman Marcus notifies customers after card data breach

The incident follows a massive data theft at Target affecting up to 110 million customers

Neiman Marcus has been notifying customers of a data breach after hackers stole merchant card information for an undisclosed number of shoppers.

The high-end retailer said it was working with the U.S. Secret Service and a forensics firm to investigate the theft, which it said it learned about in December from its merchant card processor.

[ Also on InfoWorld: Target now says up to 110 million affected by data breach. | Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

"On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers cards were possibly compromised as a result," Neiman Marcus said in an emailed statement.

"We have begun to contain the intrusion and have taken significant steps to further enhance information security," the company said.

Neiman Marcus didn't say how the break in occurred or how many of its customers were affected, but it confirmed some customers' card numbers were used improperly after they shopped at the store.

"We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after purchasing at our stores," the company said via Twitter late Friday.

Neiman spokeswoman Ginger Reeder said she couldn't provide any further details at this time. The store apparently confirmed the break-in after being contacted by security reporter Brian Krebs on Friday.

The incident follows a massive data breach at Target, another major U.S. retailer. Target originally said about 40 million people were affected in that incident, but on Friday it said the number could be as high as 110 million, or about one-third of the U.S. population.

In addition to credit and debit card numbers, thieves also took customer names, mailing addresses, phone numbers or email addresses, Target said in a statement released Friday.

James Niccolai covers data centers and general technology news for IDG News Service. Follow James on Twitter at @jniccolai. James's e-mail address is james_niccolai@idg.com

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies