Neiman Marcus hack hit 1.1 million customers

  @gregorywallace January 23, 2014: 12:29 PM ET
neiman marcus credit card breach
NEW YORK (CNNMoney)

About 1.1 million customers were impacted by a breach of luxury retailer Neiman Marcus' payment systems that lasted more than three months, the company said.

Malicious software scooped up customer credit and debit card information between July 16 and Oct. 30 of last year, Neiman Marcus Group President and CEO Karen Katz said in a message on the retailer's website.

Visa (V, Fortune 500), MasterCard (MA, Fortune 500) and Discover (DFS, Fortune 500) reported 2,400 cards were then used fraudulently, Katz said. She said customers have no liability for those purchases and can sign up for one year of free credit monitoring online at www.protectmyid.com/nm. Neiman Marcus is attempting to notify impacted customers, Katz added.

Neiman Marcus acknowledged earlier this month its systems had been breached, but did not disclose a number of customers affected. The retailer says it first learned of the breach in December and began an investigation along with law enforcement. A security firm confirmed the breach on Jan. 1.

Related: 4 things to do after your credit card has been hacked

The breach did not include customer Social Security Numbers or PIN numbers associated with debit cards, Neiman Marcus said. Online shoppers were not impacted.

The software -- described as "sophisticated, self-concealing malware, capable of fraudulently obtaining payment card information" -- has since been disabled.

The Neiman Marcus incident began and ended before a much larger breach at discount retailer Target (TGT, Fortune 500). Up to 110 million Target customers had their personal information stolen during the busy holiday shopping season, Target said.

Although malware used at both retailers accomplished similar goals, Neiman Marcus said it knew of no connection between the two breaches. To top of page



Join the Conversation
CNNMoney Sponsors
Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer LIBOR Warning: Neither BBA Enterprises Limited, nor the BBA LIBOR Contributor Banks, nor Reuters, can be held liable for any irregularity or inaccuracy of BBA LIBOR. Disclaimer. Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.