After Target, retailer Neiman Marcus also confirmed a data breach

Retailer Neiman Marcus confirmed a data breach; it is the second case in a few weeks, after the data breach at US retailer Target discovered by Brian Krebs.

The high-end retailer Neiman Marcus confirmed a data breach that could represent a risk to its customers. The incident occurs a few weeks after the clamorous data breach at US retail giant Target. Neiman Marcus has 79 stores and reported total sales of $1.1 billion in Q4 2013.

As in the Target case, the data breach at Neiman Marcus was first reported by cybersecurity expert Brian Krebs, who confirmed a surge in fraudulent credit and debit charges on cards that had been used at Neiman Marcus stores.

“Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards.” reported Krebs.

Neiman Marcus revealed that its customers are at risk after hackers breached servers of the company and accessed the payment information of those who visited its stores.

The company is working to inform customers whose cards have been used for fraudulent purchases but, unlike in the Target case, it hasn’t provided information on the nature of the data leaked or on the number of customer records exposed.

Neiman Marcus spokesperson Ginger Reeder announced that the company does not yet know the cause, size or duration of the data breach. She also added that there is no evidence of a possible impact on shoppers who purchased from the online stores.

The entirety of the company’s formal statement is as follows:

“Neiman Marcus was informed by our credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.

We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security.

The security of our customers’ information is always a priority and we sincerely regret any inconvenience. We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store.”

Neiman Marcus was informed in mid-December by its credit card processor and subsequently reported the data breach to law enforcement.

The company apologized to its customers for the incident and confirmed that it is working to notify those whose cards were used fraudulently after visits to Neiman Marcus stores.

Cyber criminal activities are more frequent during the holiday season; experts also hypothesized a possible connection between this data breach and the one that occurred at Target.

“In the wake of the Target breach, customers, lawmakers and consumer advocates have stepped up calls for Congress to set guidelines on how merchants should protect consumer data. In a statement Friday, Sen. Edward J. Markey (D-Mass.) said that the Target breach illustrates a need for clear, strong privacy and security standards across all industries. ‘When a number equal to nearly one-fourth of America’s population is affected by a data breach, it is a serious concern that must be addressed,’ he said,” reported the Washington Post.

Are Target and Neiman Marcus two isolated cases?

“Target Corp and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season last year, according to sources familiar with attacks on other merchants that have yet to be publicly disclosed.” reported a post by Reuters.

According to the people familiar with the attacks, other smaller breaches occurred at at least three other well-known U.S. retailers. The technique adopted by the attackers is the same as the one used against Target; those breaches have yet to come to light, and rumors suggest similar incidents may have occurred earlier last year.

There is a suspicion that the perpetrators may be the same as those who attacked Target; the ringleaders are likely from Eastern Europe.

Security analysts expect an increase in illicit activities related to credit and debit card abuse, and they also maintain that it may become more difficult for retailers and credit card issuers to detect patterns of unusual spending.

Pierluigi Paganini

(Security Affairs –  Neiman Marcus, cybercrime)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".