January 13, 2014
Following In Target’s Footsteps, Neiman Marcus Reports Data Breach
Enid Burns for redOrbit.com - Your Universe Online
While Target took all the heat this holiday season for experiencing a security breach affecting as many as 110 million customers, Neiman Marcus is now saying it experienced a similar attack. It has also been reported that other retailers were affected during this past holiday season but have yet to come forward.
All eyes have been on the big red target, however the credit breaches experienced over the holidays are likely to have gone much farther than disclosed. Niemen Marcus has come forward to say it also experienced a breach over the holidays and at least three additional US retailers experienced smaller breaches over the holiday shopping season, Reuters reports, citing an undisclosed source.
"Smaller breaches on at least three other well-known US retailers took place and were conducted using similar techniques as the one on Target, according to people familiar with the attacks. Those breaches have yet to come to light. Also, similar breaches may have occurred earlier last year," the Reuters article said.
The biggest name to cross paths with a security breach during the holiday season was Target. The breach was reported in mid-December and estimated to have reached 40 million shoppers during a period of a few weeks. Many customers were upset with Target's initial apology, which didn't include any action other than recommendations to get a new credit card and contact the credit bureaus. It wasn't until after the New Year that Target came forward to report that the beach affected an additional 70 million customers. While the breach could contain some overlap, it could affect as many as 110 customers. It was after the larger security breach was discovered that Target offered its affected customers access to credit monitoring service ProtecMyID, which Target offers information about at abullseyeview.com.
Neiman Marcus has only entered the apology stage of its addressing of the breach. The luxury department store known for its Christmas catalog came out last week saying it had been breached over the holidays. The company said it is working with the US Secret Service to investigate a hacker break-in, Brian Krebs from Krebsonsecurity.com reports. The degree to how many customers are affected, and what information was stolen is still under investigation.
While Neiman Marcus issued a statement, more customers are responding to the company's tweets. The official @neimanmarcus handle has received a degree of ire in response to the tweet, "The security of our customers' information is always a priority and we sincerely regret any inconvenience." Among other tweets. Responses have not been kind. One follower tweeted "Thanks (expletive)! Just what I needed to start off the New Year! Jeez!" in response.
The breach was uncovered in mid-December, and the retailer is investigating the intrusion. The company does not yet know the cause, size or duration of the breach, Neiman Marcus spokesperson Ginger Reeder said, according to Krebsonsecurity.com. Currently a third-party forensics firm is looking into the details.
“Neiman Marcus was informed by our credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores," Reeder said in a statement to Krebsonsecurity.com.
"We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security," she continued.
"The security of our customers’ information is always a priority and we sincerely regret any inconvenience. We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store,” Reeder said.
What is more alarming is the news that additional retailers experienced a breach, yet none have come forward. Laws protect consumers in most states, requiring companies to contact customers when certain personal information is compromised, Reuters reports.
In the end, it is the credit card issuer that often becomes responsible for notifying consumers.