Hayley Tsukayama (c) 2014, The Washington Post. Neiman Marcus confirmed Saturday that its customers are at risk after hackers breached the Dallas company’s servers and accessed the payment information of those who visited its stores.
The news comes on the heels of a disclosure from Target that a similar data breach at its stores may ultimately affect up to 100 million customers, far more than originally feared. The Neiman breach was first reported Friday by cybersecurity reporter Brian Krebs, who said that there had been a spike in fraudulent credit and debit charges on cards that had been used at Neiman Marcus stores.
The firm has offered few concrete details about the scope of the attack, such as what data were taken or how many customers may be at risk. Nor did it say whether data from any of the other retailers it operates — including Bergdorf Goodman, Horchow, Cusp and Last Call — were affected. In a statement, Neiman Marcus said it was informed of the breach in mid-December by its credit card processor and subsequently informed law enforcement officials, including the Secret Service. The company is taking steps to contain the breach and has “taken significant steps to further enhance information security,” the statement said.
Neiman Marcus spokeswoman Ginger Reeder declined to provide further information on the attack. A spokesman for the Secret Service also declined to comment.
The company apologized to its customers for the breach through messages on its Twitter feed and said that it is working to notify those whose cards were used fraudulently after visits to Neiman Marcus stores.
“The security of our customers’ information is always a priority and we sincerely regret any inconvenience,” the company said in a statement.
Neiman Marcus operates 79 retail locations and reported total sales of $1.1 billion in its most recent quarter, which ended Nov. 2 — ahead of the peak holiday shopping season.
It is not yet known if the breach is connected to the attack on Target, which was discovered around the same time and collected information from customers who shopped in the Minneapolis-based retailer’s stores. The latest figure, Target spokeswoman Molly Snyder said, includes information collected through “the normal course of our business,” which indicates the breach may have also affected online shoppers.
Cybercriminals are always particularly active during the holiday season, when it can be more difficult for retailers and credit card companies to detect patterns of unusual spending. But data breaches rose in 2013 and analysts have said that attacks are only expected to continue rising this year.
In the wake of the Target breach, customers, lawmakers and consumer advocates have stepped up calls for Congress to set guidelines on how merchants should protect consumer data.
In a statement Friday, Sen. Edward Markey, D-Mass., said that the Target breach illustrates a need for clear, strong privacy and security standards across all industries.
“When a number equal to nearly one-fourth of America’s population is affected by a data breach, it is a serious concern that must be addressed,” he said.