Neiman Marcus: 1.1 million in-store customers affected by breach

Scott Olson/Getty Images - FILE - JANUARY 11, 2014: It was confirmed by Neiman Marcus that customers' credit and debit card information had been compromised in a cyber-security attack January 11, 2014. CHICAGO - MARCH 05: Pedestrians walk past a Neiman Marcus store on the Magnificent Mile March 5, 2009 in Chicago, Illinois. Neiman Marcus Group Inc., which operates Neiman Marcus, recently reported a 24 percent decline in sales. (Photo by Scott Olson/Getty Images)

Neiman Marcus Group said Thursday that about 1.1 million customers have been affected by a three-month security breach that the retailer initially disclosed earlier this month.

So far, credit card companies have told the high-end retailer that about 2,400 cards from Neiman Marcus customers have been used in fraudulent transactions linked to the breach. The retailer has yet to see any fraudulent activity on its own Neiman Marcus cards, the company said in an online post.

More tech stories

Parking doesn’t have to be a hassle

Parking doesn’t have to be a hassle

Meet the man who wants to make parking in a garage as fun as riding in an Uber.

Big data: A double-edged sword

Big data: A double-edged sword

New information will improve our health and prevent crimes, but uncover skeletons and hurt privacy.

White House updating online privacy policy

White House updating online privacy policy

A new Obama administration privacy policy explains how the government will gather the user data of online visitors to, mobile apps and social media sites, and it clarifies that online comments, whether tirades or tributes, are in the open domain.

This is the most detailed accounting of the incident, which occurred between July and October of 2013, the firm has released to date.

The upscale retail-store operator said online customers were not affected by the intrusion. It also said sensitive information such as social security numbers, birth dates and PIN numbers were not taken in the cyberattack.

The scope of the Neiman Marcus attack is far more limited than a similar breach at Target, where a December breach might ultimately affect more than 100 million customers. Though Neiman Marcus says it has “no knowledge” of a connection to the Target breach, the incidents are striking similar.

Karen Katz, the president and chief executive of Neiman Marcus Group, said in a statement to customers that criminals installed malicious software to collect payment information on the firm’s system for nearly three months. Despite the duration of the attack, the retailer said it was not notified of the problem until mid-December and did not confirm there had been an attack until Jan. 1 — about six months after the initial attack.

The firm is also continuing to investigate how many of its stores were affected. The Neiman Marcus Group includes Neiman Marcus, Bergdorf Goodman, Last Call, Horchow and Cusp stores.

The company is casting a wide net to notify customers about the breach. It is sending notifications to all customers for whom it has addresses or e-mail address on file and who have shopped at its stores in the past year. It is offering free credit monitoring to consumers using Experian’s ProtectMyID program, which is the same service Target is offering its users.

Read what others are saying