Neiman Marcus confirms data breach, some customers at risk

Tom Pennington/AP - The high-end retailer is working to contact consumers whose cards have been used for fraudulent purchases.

Neiman Marcus confirmed Saturday that its customers are at risk after hackers breached the Dallas company’s servers and accessed the payment information of those who visited its stores.

The news comes on the heels of a disclosure from Target that a similar data breach at its stores may ultimately affect up to 100 million customers, far more than originally feared. The Neiman breach was first reported Friday by cybersecurity reporter Brian Krebs, who said that there had been a spike in fraudulent credit and debit charges on cards that had been used at Neiman Marcus stores.

Neiman Marcus: We were hacked, too

Neiman Marcus: We were hacked, too

An unknown number of credit card accounts may have been affected.

Target breach: What you need to know

Target breach: What you need to know

Important information for customers affected by Target’s data breach.

Target: Millions more customers affected by December data breach

Target: Millions more customers affected by December data breach

The retailer says other personal information besides payment card data was taken.

More tech stories

Parking doesn’t have to be a hassle

Parking doesn’t have to be a hassle

Meet the man who wants to make parking in a garage as fun as riding in an Uber.

Big data: A double-edged sword

Big data: A double-edged sword

New information will improve our health and prevent crimes, but uncover skeletons and hurt privacy.

White House updating online privacy policy

White House updating online privacy policy

A new Obama administration privacy policy explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites, and it clarifies that online comments, whether tirades or tributes, are in the open domain.

The firm has offered few concrete details about the scope of the attack, such as what data were taken or how many customers may be at risk. Nor did it say whether data from any of the other retailers it operates — including Bergdorf Goodman, Horchow, Cusp and Last Call — were affected. In a statement, Neiman Marcus said it was informed of the breach in mid-December by its credit card processor and subsequently informed law enforcement officials, including the Secret Service. The company is taking steps to contain the breach and has “taken significant steps to further enhance information security,” the statement said.

Neiman Marcus spokeswoman Ginger Reeder declined to provide further information on the attack. A spokesman for the Secret Service also declined to comment.

The company apologized to its customers for the breach through messages on its Twitter feed and said that it is working to notify those whose cards were used fraudulently after visits to Neiman Marcus stores.

“The security of our customers’ information is always a priority and we sincerely regret any inconvenience,” the company said in a statement.

Neiman Marcus operates 79 retail locations and reported total sales of $1.1 billion in its most recent quarter, which ended Nov. 2 — ahead of the peak holiday shopping season.

It is not yet known if the breach is connected to the attack on Target, which was discovered around the same time and collected information from customers who shopped in the Minneapolis-based retailer’s stores. The latest figure, Target spokeswoman Molly Snyder said, includes information collected through “the normal course of our business,” which indicates the breach may have also affected online shoppers.

Cybercriminals are always particularly active during the holiday season, when it can be more difficult for retailers and credit card companies to detect patterns of unusual spending. But data breaches rose in 2013 and analysts have said that attacks are only expected to continue rising this year.

Citing unnamed sources familiar with the incidents, Reuters news service reported late Saturday that there were smaller attacks over the holiday season on the networks of “at least three other well-known U.S. retailers.” It did not name those retailers.

In the wake of the Target breach, customers, lawmakers and consumer advocates have stepped up calls for Congress to set guidelines on how merchants should protect consumer data.

In a statement Friday, Sen. Edward J. Markey (D-Mass.) said that the Target breach illustrates a need for clear, strong privacy and security standards across all industries.

“When a number equal to nearly one-fourth of America’s population is affected by a data breach, it is a serious concern that must be addressed,” he said.

Follow The Post’s new tech blog, The Switch, where technology and policy connect.

 
Read what others are saying

    The best education your money can buy