News Feature | January 24, 2014

Neiman Marcus Attack Went Undetected For Months

Source: Retail Solutions Online

By Kara Murphy, contributing writer, Integrated Solutions For Retailers

Cybercrime firm says at least six other retailers also compromised

The cyberattack on Neiman Marcus’s computer network went undetected for months, with the earliest sign of intrusion having occurred as far back as July, the company said in a call with credit card companies.

The attack was also not fully contained until Jan. 5, executives from the luxury retailer told the credit card companies. They also said the first signs of an intrusion date back to mid-July. The company knew about the attack in mid-December but did not disclose it to customers until Jan. 1.

Karen Katz, the company’s CEO and president, wrote in a letter to customers that it is not believed customer Social Security numbers or birth dates were compromised in the attack. She also said online customers are not believed to have been affected. In addition, she wrote, no debit PIN numbers were stolen.

“We have taken and are continuing to take a number of steps to contain the situation, and to help prevent an unlawful intrusion like this from happening again,” Katz wrote in a letter to customers. “Actions we have taken include working with federal law enforcement, disabling the malware we have found, enhancing our security tools, and assessing and reinforcing our related payment card systems in light of this new threat.”

Neiman Marcus has not said how many credit card numbers were stolen, but has promised a free year of credit reporting for anyone who used a credit card at one of its stores in the past year. Target has offered affected customers a similar service.

The attack on Neiman Marcus went on much longer than the attack on Target’s computer system. But in Target’s case, the data that was stolen included much more sensitive information, including debit card PINs, and personal information for up to 70 million people, as well as credit card numbers for another 40 million people.

Target and Neiman Marcus have said investigators do not know if the attacks are linked. Sources close to the investigation have said both attacks appear to have originated in Eastern Europe.

Andrew Komarov, the chief executive of a cybercrime firm called IntelCrawler, told Reuters that his company has traced at least six ongoing attacks on U.S. retailers using the same software that was used in the Target attack. The malware, called BlackPOS, was used in the crimes.
