TRENDING:

Neiman Marcus CEO Addresses Breach

Retailer Disabled Malware Found on Systems Jeffrey Roman (gen_sec) • January 16, 2014    
Neiman Marcus CEO Addresses Breach

Nearly one week after news broke about the Neiman Marcus data breach, the luxury retailer's CEO today issued her first formal statement addressing the breach, which compromised customer credit and debit cards at the stores.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

"We deeply regret and are very sorry that some of our customers' payment cards were used fraudulently after making purchases at our stores," says Karen Katz, president and CEO of the Dallas-based retailer, in a statement posted to the company's corporate website. "We have taken steps to notify those affected customers for whom we have contact information."

Katz says customer Social Security numbers and birth dates were not compromised, and those customers who shopped online were not impacted by the breach.

Payment card PIN numbers were never at risk because the company doesn't use PIN pads in its stores, Katz says.

Neiman Marcus first acknowledged the breach on Jan. 10.

Breach Response

Katz says Neiman Marcus was informed in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at its stores.

"We quickly began our investigation and hired a forensic investigator," Katz says. "Our forensic investigator discovered evidence on January 1st that a criminal cyber-security intrusion had occurred. The forensic and criminal investigations continue."

After the incident, Neiman Marcus took several steps to mitigate the situation, she says, including working with federal law enforcement, disabling malware found on its systems, enhancing security tools, and reinforcing related payment card systems, the statement says.

It's still unclear how many cards were impacted in the breach. When reached for comment, a Neiman Marcus spokesperson declined to give details on the extent of the incident.

The company says it has no knowledge of a connection between its breach and the one at Target that compromised personal information on tens of millions of customers (see: Target Breach: New Questions Raised).

Credit Monitoring

Those customers who made a payment card purchase at Neiman Marcus in the past year are being offered one year of free credit monitoring service, the statement says. Sign-up instructions will be provided on the company's website by Friday, Jan. 24.

Neiman Marcus is also urging customers to be mindful of phishing schemes.

"Our e-mail correspondence regarding this incident will not contain any links, so if you receive an e-mail appearing to be from us that contains a link, it is not from us, and don't click on the link," according to the company's FAQ on the incident.

Neiman Marcus Group operates 41 Neiman Marcus stores across the U.S., as well as two Bergdorf Goodman stores and 36 Last Call clearance centers.

Previous
Fraud Patterns Suggest New Breaches
Next
Obama Orders Review on Use of Big Data

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.